Splunk is one of the most popular data platforms for searching, analyzing, visualizing and acting on your data.
env0 has the ability to send all of your deployment logs directly to your Splunk account.


Here are the steps to configure it:

  1. The integration with Splunk uses the HTTP Event Collector, so you will need to set up it in your Splunk instance:
  1. While creating a new HTTP Event Collector you will also create a token. Make sure the token has access to the index you would like to use. You will need this token to configure the integration inside the env0 platform.
  2. By default, env0 uses an index called env0-deployment-logs-index. This is a configuration you can override. Either create the env0-deployment-logs-index index, or use an existing index. To create a new index follow this guide
  3. By default env0 will use source: env0-deployment-logs-source and sourcetype: env0-sourcetype - this can not be overridden.
  4. In the env0 platform you will need to configure the following environment variables in any scope you would like to have them:
Environment variable nameCommentMandatory
ENV0_SPLUNK_URLThe URL of your splunk instance in the following format: ://<instance url/ip>: - for example https://example.splunkcloud.com:8088Yes
ENV0_SPLUNK_TOKENThe HTTP Event Collector token value - this is usually a GUID format token - for example a90c7a14-8aac-4523-bbbb-dea20352aa4dYes
ENV0_SPLUNK_INDEXThe index you would like env0 to push the data to.No - Default: env0-deployment-logs-index