Description
If you're using Splunk, you can integrate it with ConcealBrowse so that metrics and data collected by Conceal are transferred seamlessly into Splunk. This article guides you through setting up the Splunk portion before integrating with ConcealBrowse.
Applies to
- Splunk
Procedure
Create an index in Splunk
- In your web browser navigate to the following link: https://dev.splunk.com/enterprise/tutorials/module_getstarted/useeventgen/
- In Splunk Web on the navigation bar at the top, go to Settings > Indexes.
- On the Indexes page on the top right, click the button labeled New Index.
- On the New Index screen, fill out the fields. Below are suggestions, but you can set these to whatever you'd like:
- Index Name: Whatever you'd like your index to be called
- Index Data Type: Events
- Max raw data size: 10MB
- Searchable retention (days): 30
- Click the green button labeled Save.
Create HTTP Event Collector
You can also refer directly to Splunk's documentation: Set up and use HTTP Event Collector in Splunk Web - Splunk Documentation
- Still in your Splunk web instance, on the navigation bar at the top, go to Settings > Data Inputs.
- Click + Add new, displayed on the right of the HTTP Event Collector row.
- In the Name field, enter a name for the token. The following two fields are optional.
- At the top of the screen click the green button labeled Next.
- On the Input Settings screen on the right, you will choose the box labeled Select. Open the Select Source Type Dropdown. Then select Structured -> _json.
- In the Select Allowed Indexes section in the Available Item(s) box, find and select the Index name you created in step 3. This should bring it into the Selected Item(s) box.
- Click the button labeled Review in the top right.
- Review all of the details on the Review Page. If it all seems correct, click the green button labeled Submit. If not, please hit the Back button and make any necessary changes. Now your HTTP Event Collector has been created.
Locate and copy the API Key for Integration
- Still in your Splunk web instance, on the navigation bar at the top, go to Settings > Data Inputs.
- Click on the HTTP Event Collector link.
- Locate the HTTP Event Collector that you just created. Copy the Token Value; this will be needed to integrate with ConcealBrowse.
- In order to finish your Splunk integration with ConcealBrowse, please refer to the article Splunk integration with ConcealBrowse
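A quick way to confirm the token and index before handing the token to ConcealBrowse, as an added example that is not part of the original article and is not Conceal's or Splunk's own code: it builds a test event for the HEC event endpoint and maps the reply codes to the steps above. The base URL (host and port) and the index name you pass in are placeholders for your own values, and the GUID check assumes a token generated in Splunk Web.

```python
import json
import re
import urllib.error
import urllib.request

# Assumption: tokens generated in Splunk Web are GUIDs (8-4-4-4-12 hex).
TOKEN_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# HEC reply codes that map directly onto the setup steps above.
HEC_HINTS = {
    0: "event accepted",
    3: "invalid authorization: header must read 'Splunk <token>'",
    4: "invalid token: re-copy the Token Value",
    7: "incorrect index: add it to the token's Selected Item(s)",
}

def build_request(base_url, token, index):
    """Build (without sending) a POST to the HEC event endpoint."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send the token over plain HTTP")
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not GUID-shaped; check the copied value")
    body = {"index": index, "sourcetype": "_json",
            "event": {"message": "HEC connectivity test"}}
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/event",
        data=json.dumps(body).encode(),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST")

def explain(reply_text):
    """Turn a HEC JSON reply into (ok, hint)."""
    try:
        reply = json.loads(reply_text)
    except ValueError:
        return False, "non-JSON reply: is this really the HEC port?"
    code = reply.get("code")
    return code == 0, HEC_HINTS.get(code, reply.get("text", "unknown reply"))

def send_test_event(base_url, token, index, timeout=10):
    """Send one event; urllib verifies the TLS certificate by default."""
    req = build_request(base_url, token, index)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return explain(resp.read().decode())
    except urllib.error.HTTPError as err:  # HEC puts its JSON in 4xx bodies too
        return explain(err.read().decode())
```

Call `send_test_event()` with your own HEC base URL, the copied Token Value and the index you created; a `(True, "event accepted")` result means the test event should then be searchable in that index.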
Related articles:
- Splunk integration with ConcealBrowse
*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.