Splunk

This guide will show you how to send Doppler Activity Logs to Splunk

Prerequisites

  • Ability to add a new Splunk Event Collector
  • Paid Splunk account
  • Doppler Enterprise plan

Create a new Event Collector

Within Splunk, select Data Inputs from the Settings dropdown

714714

In the HTTP Event Collector row, click Add new

10421042

Give your Event Collector Token a name at minimum

631631

Doppler sends Activity Logs as a JSON payload. In the Source Type, choose Select and then search for and select _json. As well, select the Index you want Doppler Activity Log data to land in

10211021

On the next screen, review your configuration. When you've confirmed your selections, hit submit. On the confirmation page, highlight and copy the Token that's shown. You'll enter that in Doppler in a moment.

553553

Head on over to Doppler and visit the Settings page. Scroll down until you see the Services section. You'll find two inputs for Splunk. One for the Token you just generated and another for your HTTP endpoint.

921921

Go ahead and enter your token. For the HTTPS endpoint, we recommend viewing this link for an in-depth explanation on constructing your URL. Given that we're using a JSON payload, please ensure your URL ends with /services/collector/event. Construction this URL can be a bit tricky so if you run into issues, don't hesitate to reach out to [email protected] with any questions