Splunk Setup Guide
Follow our setup guide to integrate Fivetran logs into your Splunk monitoring system.
To connect Splunk to Fivetran, you need:
- A Splunk account
edit_token_httppermissions to enable HTTP Event Collector (HEC)
We support HEC on Splunk Enterprise platforms and Splunk Cloud deployments.
Enable HTTP Event Collector
Set up your HTTP Event Collector to configure a secret token that Fivetran can use to send data using HTTP and HTTPS.
Click Settings > Data Inputs.
Click HTTP Event Collector.
Click Global Settings.
Set the All Tokens toggle to Enabled.
(Optional) Select a Default Source Type for all HEC tokens.
(Optional) Select a Default Index.
(Optional) Select a Default Output Group.
(Optional) Check the Use Deployment Server checkbox to use a deployment server to handle configurations for HEC tokens.
(Optional) Check the Enable SSL checkbox to have HEC listen and communicate over HTTPS rather than HTTP.
(Optional) Enter a number in the HTTP Port Number field for HEC to listen on.
Tip: Confirm that your firewall rules don’t block incoming and outgoing traffic through the port number.
Create an Event Collector Token
You must configure one token to use HEC.
- Click Settings > Add Data.
- Click monitor.
- Click HTTP Event Collector.
- Enter a name for the token in the Name field. For example, Fivetran Logs.
- (Optional) In the Description field, enter a description for the input and click Next.
- (Optional) Confirm the source type and the index for HEC events.
- Click Review.
- Confirm that all settings are correct for the endpoint.
- Click Submit.
- Copy the secret token and store it somewhere secure.
Log in to your Fivetran account.
In the left hand navigation pane, click Logs.
Click Connect your logging service.
Select the Splunk logging service.
In the setup form, enter Host and Port details.
Set the Enable SSL toggle to Enabled.
Enter the secret token that you configured in the Splunk HEC.
Click Save & Test. Fivetran will take it from here and sync your logs to Splunk.