1. Navigate to Integrations in the FireTail platform. Select the Create integration tab.
2. Click Splunk.
3. In the Name of Integration field, enter a name for the integration.
4. Enter the HTTP Collector endpoint. View the Splunk documentation to determine the format of the endpoint you should use.
5. HTTP Collector API Token - Paste your Splunk API token into this field. To create a token in Splunk:
View the Splunk documentation for more information about creating an Event Collector token on the Splunk Cloud Platform.
6. In FireTail, edit the payload if required. This is the information that is populated in Splunk when an alert or incident is triggered. Tokens, which are placeholders embedded in the payload, dynamically insert relevant data such as alert details, timestamps and so on. You can edit these tokens to customize the information displayed in the notification. For a full list of tokens, go to Dynamic variables. Learn how to Customize notifications.
7. Click Submit.
The integration is created and listed under the existing integrations tab. You can now select this integration as a notification method when you create an alert or create an incident.
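Before pasting the endpoint and token into steps 4 and 5, you can check them and send one test event to your own collector. The script below is an added example, not FireTail or Splunk code. It assumes the full HTTP Event Collector URL (a path under `/services/collector`) is what goes in the endpoint field, and the host and token shown in its comments are constructed placeholders.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# HEC tokens are GUIDs: 8-4-4-4-12 hex digits.
TOKEN_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_settings(endpoint, token):
    """Return a list of problems with the values intended for steps 4 and 5."""
    problems = []
    url = urlsplit(endpoint)
    if url.scheme != "https":
        problems.append("endpoint is not https: the token would travel in clear text")
    if not url.hostname:
        problems.append("endpoint has no host")
    if not url.path.startswith("/services/collector"):
        problems.append("path is not under /services/collector")
    if url.username or url.password or url.query:
        problems.append("endpoint carries credentials or a query string")
    if not TOKEN_RE.fullmatch(token):  # fullmatch also rejects a trailing newline
        problems.append("token is not a bare GUID (whitespace or 'Splunk ' prefix pasted?)")
    return problems

def build_request(endpoint, token, event):
    """HEC expects 'Authorization: Splunk <token>' and a JSON body with an 'event' key."""
    body = json.dumps({"event": event}).encode()
    headers = {"Authorization": "Splunk " + token, "Content-Type": "application/json"}
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")

def interpret(status, body):
    """Map an HEC reply such as {"text": "Success", "code": 0} to a verdict."""
    try:
        reply = json.loads(body)
    except ValueError:
        return "unexpected: non-JSON reply (proxy or wrong port?)"
    if not isinstance(reply, dict):
        return "unexpected: reply is not a JSON object"
    if status == 200 and reply.get("code") == 0:
        return "ok"
    return "rejected: HTTP %d, HEC code %s (%s)" % (status, reply.get("code"), reply.get("text"))

def send_test_event(endpoint, token):
    """Network call with default TLS verification; run only against your own collector."""
    req = build_request(endpoint, token, {"message": "FireTail integration pre-flight"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret(err.code, err.read())
```

Call `check_settings(endpoint, token)` first and `send_test_event(endpoint, token)` only when it returns an empty list. A result of `ok` means the collector accepted the token.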