Splunk Integration

Once configured, all existing and new Valtix Gateways using the defined Splunk Profile will send Flow and Threat logs to your Splunk Collector.

In order to complete the steps in this guide, you will need:

A Splunk account, Splunk Collector URL, Event Collector Token and Index name used for storing events.

Create a Splunk Profile

  1. Navigate to Manage -> Log Forwarding
  2. Click Create
  3. Profile Name - Enter a unique name for the integration. Example: valtix-splunk. Note: Spaces are not permitted.
  4. Description (optional) - Enter a description for the integration.
  5. SIEM Vendor - Using the pulldown, choose Splunk
  6. Endpoint - Enter the URL of the Splunk HTTP Event Collector (HEC). Example: https://ip:8088/services/collector
  7. Token - Copy and paste the Splunk HEC Token to be used.
  8. Index - Enter the name of the Splunk index where the logs are to be stored. Examples: history, main, default
  9. Click Save
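
A pre-flight check for the Profile Name, Endpoint, Token and Index values before they are saved, added here as an example (it is not Valtix or Splunk code). It assumes the standard Splunk HEC protocol (an `Authorization: Splunk <token>` header and JSON reply codes); the function names are hypothetical and the sample values are constructed.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# HEC reply codes mapped to the profile field most likely at fault.
HEC_CODE_TO_FIELD = {
    0: "ok",
    1: "Token (disabled in Splunk)",
    2: "Token (missing from request)",
    3: "Token (malformed Authorization header)",
    4: "Token (not recognised by this collector)",
    7: "Index (does not exist or is not allowed for this token)",
}

def check_profile_fields(name, endpoint, token, index):
    """Return a list of problems that can be found without network traffic."""
    problems = []
    if not name or any(c.isspace() for c in name):
        problems.append("Profile Name must be non-empty and contain no spaces")
    url = urlsplit(endpoint)
    if url.scheme != "https":
        problems.append("Endpoint should use https so the token is not sent in clear text")
    if not url.path.startswith("/services/collector"):
        problems.append("Endpoint path should be the HEC path /services/collector")
    if not token or token != token.strip():
        problems.append("Token is empty or carries whitespace from copy and paste")
    if not index:
        problems.append("Index is empty")
    return problems

def build_test_request(endpoint, token, index):
    """Build (without sending) one HEC test event addressed to the chosen index."""
    body = json.dumps({"event": "hec preflight test", "index": index}).encode()
    headers = {"Authorization": "Splunk " + token, "Content-Type": "application/json"}
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")

def interpret_hec_reply(body):
    """Map a HEC JSON reply to the profile field that needs fixing."""
    code = json.loads(body).get("code")
    return HEC_CODE_TO_FIELD.get(code, "other HEC error, code %s" % code)

def send_test_event(endpoint, token, index, timeout=5):
    """POST the test event; HEC reports token and index errors as HTTP 4xx with a JSON body."""
    try:
        with urllib.request.urlopen(build_test_request(endpoint, token, index), timeout=timeout) as r:
            return interpret_hec_reply(r.read())
    except urllib.error.HTTPError as e:
        return interpret_hec_reply(e.read())
```

`send_test_event` performs a real POST and verifies the collector's TLS certificate; the other functions run offline.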