Log Forwarding - Splunk

Overview

Splunk is a widely used SIEM. Valtix supports Log Forwarding to Splunk to send Security Events and Traffic Log records for processing, storage, access and correlation. The information is sent as semi-structured JSON, so the individual attribute-value pairs can be accessed and processed in Splunk.

Requirements

In order to forward logs to Splunk, the following information is required:

  • Splunk account
  • Splunk Collector URL
  • Event Collector Key
  • Index Name

Tip

For information on the Splunk Event Collector, refer to the Splunk HTTP Event Collector documentation.

Profile Parameters

Parameter                 Required/Optional   Default     Description
Profile Name              Required                        A unique name used to reference the Profile
Description               Optional                        A description for the Profile
Destination               Required            Datadog     The SIEM used for the Profile
Skip Verify Certificate   Optional            Unchecked   Whether to skip verifying the authenticity of the server certificate
Endpoint                  Required                        The URL used to access the HTTP Event Collector
Token                     Required                        The Splunk token that allows Valtix to communicate with Splunk
Index                     Required            main        The name of the Splunk index used to store events
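The Requirements list and the Profile Parameters above map directly onto a Splunk HTTP Event Collector (HEC) request: the Endpoint is the collector URL, the Token travels in an "Authorization: Splunk <token>" header, and the Index is carried in the JSON envelope around each event. The following Python example is added here to show that mapping and the effect of the Skip Verify Certificate option; it is not Valtix's or Splunk's own code. The sample event fields, the hostname splunk.example.com and the token value are constructed placeholders, not Valtix's real event schema.

```python
import json
import ssl
import urllib.request
from typing import Any, Dict, Optional

# Constructed sample event in the semi-structured JSON shape the profile forwards.
# Field names are illustrative only, not Valtix's actual schema.
SAMPLE_EVENT: Dict[str, Any] = {
    "event_type": "security",
    "action": "deny",
    "src_ip": "10.0.0.5",
    "dst_ip": "203.0.113.10",
    "dst_port": 443,
}

# Default HEC collector path on the default HEC port (8088); hostname is a placeholder.
SAMPLE_ENDPOINT = "https://splunk.example.com:8088/services/collector/event"
SAMPLE_TOKEN = "HEC-TOKEN-PLACEHOLDER"  # the real value comes from the Splunk HEC setup


def endpoint_is_safe(endpoint: str) -> bool:
    """The token is a bearer credential, so the Endpoint must be HTTPS."""
    return endpoint.lower().startswith("https://")


def build_hec_payload(event: Dict[str, Any], index: str,
                      sourcetype: str = "_json",
                      time: Optional[float] = None) -> str:
    """Wrap one event in the HEC envelope; `index` is the profile's Index parameter."""
    payload: Dict[str, Any] = {"event": event, "index": index, "sourcetype": sourcetype}
    if time is not None:
        payload["time"] = time          # epoch seconds; HEC uses receive time if absent
    return json.dumps(payload)


def build_hec_request(endpoint: str, token: str, index: str,
                      event: Dict[str, Any]) -> urllib.request.Request:
    """Assemble the POST that a Splunk profile would send for one event."""
    if not endpoint_is_safe(endpoint):
        raise ValueError("HEC endpoint must use https://, otherwise the token is sent in clear")
    data = build_hec_payload(event, index).encode("utf-8")
    req = urllib.request.Request(endpoint, data=data, method="POST")
    req.add_header("Authorization", f"Splunk {token}")   # the profile's Token parameter
    req.add_header("Content-Type", "application/json")
    return req


def make_ssl_context(skip_verify_certificate: bool = False) -> ssl.SSLContext:
    """Mirror the Skip Verify Certificate checkbox.

    Unchecked (default): full CA-chain and hostname verification of the collector.
    Checked: no verification at all, so a forged collector could harvest the token;
    only appropriate for a lab with a self-signed HEC certificate.
    """
    ctx = ssl.create_default_context()
    if skip_verify_certificate:
        ctx.check_hostname = False      # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def request_summary(req: urllib.request.Request) -> Dict[str, Any]:
    """Return the parts of a built request worth checking before deployment."""
    return {
        "method": req.get_method(),
        "authorization": req.get_header("Authorization"),
        "body": json.loads(req.data.decode("utf-8")),
    }


def hec_accepted(response_body: str) -> bool:
    """HEC answers {"text":"Success","code":0} when the event was indexed."""
    return json.loads(response_body).get("code") == 0


def send_event(endpoint: str, token: str, index: str, event: Dict[str, Any],
               skip_verify_certificate: bool = False) -> bool:
    """Send one event to the collector (network call; not exercised offline)."""
    req = build_hec_request(endpoint, token, index, event)
    ctx = make_ssl_context(skip_verify_certificate)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return hec_accepted(resp.read().decode("utf-8"))


if __name__ == "__main__":
    built = build_hec_request(SAMPLE_ENDPOINT, SAMPLE_TOKEN, "main", SAMPLE_EVENT)
    print(json.dumps(request_summary(built), indent=2))
```

Running the module prints the assembled request without sending anything; replace the placeholder hostname and token with the collector URL and HEC token from the Requirements list to call send_event against a real collector. Leaving Skip Verify Certificate unchecked keeps the default context, which rejects a collector whose certificate chain or hostname does not validate.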