Splunk has two different authentication methods for sending data and querying data. If you intend to use both methods, you will need to create two separate tokens and use them both when configuring a Splunk integration within Synqly.
To send data to Splunk, you must first create a Splunk HTTP Event Collector (HEC). This is a Splunk service that listens for data sent over HTTP. This service is enabled by default on Splunk Enterprise and Splunk Cloud. Instructions on configuring a HEC are available in the Splunk documentation.
To query Splunk, you must first enable token authentication. This is done by creating an authentication token in Splunk. Instructions on creating an authentication token are available in the Splunk documentation.
Please note that when using Splunk Cloud, you need to explicitly configure access policies within Splunk Cloud that enable access to the REST APIs required for the integration to function correctly.
Details on these requirements are available in the Splunk documentation.
Please also note that the query API is not available in Splunk Cloud free trials and requires a paid tenant.
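The two-token split described above, as an added example (not Synqly or Splunk code): it builds, without sending, one HEC request and one search request, and rejects a swapped token pair before use. The host, ports 8088 and 8089, the sample tokens and the token shapes (GUID for HEC, JWT for authentication tokens) are assumptions that may differ on your deployment.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumed token shapes: HEC tokens are GUIDs, authentication tokens are JWTs.
HEC_SHAPE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
JWT_SHAPE = re.compile(r"^[\w-]+\.[\w-]+\.[\w-]+$")

# Constructed sample values, not real credentials or hosts.
SAMPLE_HEC = "12345678-1234-1234-1234-123456789abc"
SAMPLE_AUTH = "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzdmMifQ.c2lnbmF0dXJl"
HEC_URL = "https://splunk.example.com:8088"   # assumed HEC listener
API_URL = "https://splunk.example.com:8089"   # assumed management/REST port


def token_kind(token):
    """Classify a token by shape so a swapped pair is caught before use."""
    if HEC_SHAPE.match(token):
        return "hec"
    if JWT_SHAPE.match(token):
        return "auth"
    return "unknown"


def hec_event_request(base_url, token, event):
    """Build the request that sends one event; HEC uses the 'Splunk' scheme."""
    if token_kind(token) != "hec":
        raise ValueError("sending data needs the HEC token")
    return urllib.request.Request(
        base_url + "/services/collector/event",
        data=json.dumps({"event": event}).encode(),
        headers={"Authorization": "Splunk " + token},
        method="POST",
    )


def search_request(base_url, token, query):
    """Build the request that runs a search; the REST API uses 'Bearer'."""
    if token_kind(token) != "auth":
        raise ValueError("querying needs the authentication token")
    body = urllib.parse.urlencode({"search": query, "output_mode": "json"})
    return urllib.request.Request(
        base_url + "/services/search/jobs/export",
        data=body.encode(),
        headers={"Authorization": "Bearer " + token},
        method="POST",
    )
```

Pass either returned object to `urllib.request.urlopen` against your own instance to confirm each token works for its side before entering both in the integration configuration.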