DocumentationAPI ReferenceTerraform ProviderStatus PageSchedule a DemoFree Trial
Documentation

Splunk

Suggest Edits

638

Splunk is one of the most popular data platforms for searching, analyzing, visualizing and acting on your data.
env0 has the ability to send all of your deployment logs and audit logs directly to your Splunk account.

Setup

Here are the steps to configure it:

  1. The integration with Splunk uses the HTTP Event Collector, so you will need to set up it in your Splunk instance:

  1. While creating a new HTTP Event Collector you will also create a token. Make sure the token has access to the index you would like to use. You will need this token to configure the integration inside the env0 platform.

  2. By default, env0 uses an index called env0-deployment-logs-index for deployment logs and an index called env0-audit-logs-index for audit logs.
    To create an index for audit logs follow this guide. The deployment logs' index name can be it can be overridden. Either create the env0-deployment-logs-index index, or use an existing index.

  3. By default env0 will use sourcetype: env0-sourcetype, source: env0-deployment-logs-source for deployment logs and source: env0-audit-logs-source for audit logs - this can not be overridden.

  4. There are two ways to configure the integrations:

    1. In the env0 app

      In the organization's integrations page, click on Splunk and fill the form's fields:

    2. Using environment variables

      In the env0 platform you will need to configure the following environment variables in any scope you would like to have them:


      Environment variable name Comment Mandatory
      `ENV0_SPLUNK_URL` [The URL of your splunk instance](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector_on_Splunk_Cloud_Platform) in the following format: <protocol>://<instance url/ip>:<port> - for example `https://example.splunkcloud.com:8088` Yes
      `ENV0_SPLUNK_TOKEN` The HTTP Event Collector token value - this is usually a GUID format token - for example `a90c7a14-8aac-4523-bbbb-dea20352aa4d` Yes
      `ENV0_SPLUNK_INDEX` The index you would like env0 to push the data to. No - Default: `env0-deployment-logs-index`

      *These environment variables can only override deployment logs forwarding configuration

Updated 17 days ago