Log Streaming for Splunk Enterprise or Cloud

Updated 1 year ago by admin

The Log Streaming service allows enriched logs from the USS platform to be streamed to external services such as SIEM solutions, analytics platforms and SOC services. To request access to the Log Streaming service, please contact your service provider.

This article requires a Splunk Enterprise or Cloud license.
  1. Log in to Splunk Enterprise or Cloud
  2. Navigate to Settings -> Data Inputs
  3. Click Add New in the HTTP Event Collector row
  4. Enter a Name and click Next
  5. Select an existing index or create a new one for the data and click Review
  6. Click Submit
  7. Copy the Token Value and send it to your service provider along with the Fully Qualified Domain Name (FQDN) of your Splunk Enterprise instance, on which port 8088 must be open for data ingest. Consult the Splunk installation documents for assistance with firewall configuration.
  8. Wait for confirmation from your service provider that the log stream has been configured
  9. Click Start Search or create a new search on the index used in Step 5. Note that it can take up to an hour for Splunk Enterprise or Cloud to index data for the first time; in most cases it takes 10-15 minutes.
  10. The log stream is now set up and you can continue to query the data in Splunk Enterprise or Cloud.
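Before handing the token to the service provider (Step 7), it is worth confirming from your own network that the HTTP Event Collector accepts events on port 8088 and writes them to the index from Step 5. The following is an added example, not code from this article or from the USS platform; the FQDN, token and index values are placeholders and the test event is constructed.

```python
"""Added example: build and send one test event to a Splunk HTTP Event
Collector (HEC) to verify token, index and port 8088 reachability.
The FQDN, token and index below are placeholders, not real values."""
import json
import ssl
import time
import urllib.request

HEC_PORT = 8088  # default HEC ingest port, as in Step 7 of the article


def build_hec_request(fqdn, token, index, event, sourcetype="uss:logstream"):
    """Return (url, headers, body) for a HEC event POST.

    HEC authenticates with the header 'Authorization: Splunk <token>'. The
    event envelope names the target index explicitly so the event lands in
    the index created in Step 5 rather than the token's default index.
    """
    url = f"https://{fqdn}:{HEC_PORT}/services/collector/event"
    headers = {
        "Authorization": f"Splunk {token}",
        "Content-Type": "application/json",
    }
    body = json.dumps({
        "time": int(time.time()),   # epoch seconds; HEC uses this as _time
        "index": index,
        "sourcetype": sourcetype,
        "event": event,
    }).encode("utf-8")
    return url, headers, body


def send_hec_event(fqdn, token, index, event, cafile=None):
    """POST one event and return the parsed HEC reply.

    A healthy collector answers {"text": "Success", "code": 0}. TLS
    verification stays on: pass the CA bundle that signed the HEC
    certificate via cafile instead of disabling certificate checks.
    """
    url, headers, body = build_hec_request(fqdn, token, index, event)
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Placeholder FQDN/token/index; constructed test event.
    reply = send_hec_event("splunk.example.com", "00000000-0000-0000-0000-000000000000",
                           "uss_logs", {"message": "HEC connectivity test"})
    print(reply)
```

After a successful reply, search the Step 5 index for `sourcetype="uss:logstream"` to confirm the event was indexed and not merely accepted.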