
Splunk is one of the most popular data platforms for searching, analyzing, visualizing and acting on your data.
env0 has the ability to send all of your deployment logs directly to your Splunk account.

Setup

Here are the steps to configure it:

  1. The integration with Splunk uses the HTTP Event Collector, so you will need to set it up in your Splunk instance.
  2. While creating a new HTTP Event Collector you will also create a token. Make sure the token has access to the index you would like to use. You will need this token to configure the integration inside the env0 platform.
  3. By default, env0 uses an index called env0-deployment-logs-index. This is a configuration you can override. Either create the env0-deployment-logs-index index, or use an existing index. To create a new index, follow this guide.
  4. By default, env0 will use source: env0-deployment-logs-source and sourcetype: env0-sourcetype. These cannot be overridden.
  5. In the env0 platform, configure the following environment variables in any scope where you would like them to apply:

| Environment variable name | Comment | Mandatory |
|---|---|---|
| ENV0_SPLUNK_URL | The URL of your Splunk instance in the following format: `<protocol>://<instance url/ip>:<port>` - for example https://example.splunkcloud.com:8088 | Yes |
| ENV0_SPLUNK_TOKEN | The HTTP Event Collector token value - this is usually a GUID format token - for example a90c7a14-8aac-4523-bbbb-dea20352aa4d | Yes |
| ENV0_SPLUNK_INDEX | The index you would like env0 to push the data to. | No - Default: env0-deployment-logs-index |
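Before saving these variables in env0, it is worth confirming that the token can actually write to the chosen index. The following is an added example, not env0's own code: it checks the three values and builds a single test event for Splunk's standard HEC endpoint (`/services/collector/event`, `Authorization: Splunk <token>` header) using the index, source and sourcetype named above. The function names `check_settings`, `build_test_event` and `send` are hypothetical.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

DEFAULT_INDEX = "env0-deployment-logs-index"  # env0 default, overridable
SOURCE = "env0-deployment-logs-source"        # fixed by env0
SOURCETYPE = "env0-sourcetype"                # fixed by env0
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_settings(env):
    """Return (problems, warnings) for the ENV0_SPLUNK_* values in env."""
    problems, warnings = [], []
    parts = urlsplit(env.get("ENV0_SPLUNK_URL", ""))
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if parts.scheme not in ("http", "https") or not parts.hostname or port is None:
        problems.append("ENV0_SPLUNK_URL must look like https://host:8088")
    elif parts.scheme == "http":
        warnings.append("http:// sends the HEC token and logs in cleartext")
    token = env.get("ENV0_SPLUNK_TOKEN", "")
    if not token:
        problems.append("ENV0_SPLUNK_TOKEN is mandatory")
    elif not GUID.fullmatch(token):
        warnings.append("ENV0_SPLUNK_TOKEN is not in GUID format")
    return problems, warnings

def build_test_event(env, message="HEC connectivity test (constructed)"):
    """Build, without sending, one HEC event aimed at the configured index."""
    body = {"event": message, "source": SOURCE, "sourcetype": SOURCETYPE,
            "index": env.get("ENV0_SPLUNK_INDEX") or DEFAULT_INDEX}
    return urllib.request.Request(
        env["ENV0_SPLUNK_URL"].rstrip("/") + "/services/collector/event",
        data=json.dumps(body).encode(),
        headers={"Authorization": "Splunk " + env["ENV0_SPLUNK_TOKEN"],
                 "Content-Type": "application/json"},
        method="POST")

def send(req, timeout=10):
    """POST the event; return Splunk's JSON reply, including error replies."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # e.g. rejected token or index
        return json.load(err)
```

Call `send(build_test_event(env))` from a host that can reach the collector; a rejected token or an index the token cannot write to comes back as Splunk's JSON error reply rather than an exception.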

