Splunk has two different authentication methods for sending data and querying data. If you intend to use both methods, you will need to create two separate tokens and use them both when configuring a Splunk integration within Synqly.

Configure Splunk to Receive Data

To send data to Splunk, you must first create a Splunk HTTP Event Collector (HEC). This is a Splunk service that listens for data sent over HTTP. This service is enabled by default on Splunk Enterprise and Splunk Cloud. Instructions on configuring a HEC are available in the Splunk documentation.

Enable Token Authentication to Query Splunk

To query Splunk, you must first enable token authentication. This is done by creating an authentication token in Splunk. Instructions on creating an authentication token are available in the Splunk documentation.

Note that the query API is only available in Splunk Enterprise and is not available in Splunk Cloud free trials.