Integrating with Splunk Enterprise

As a tenant administrator, perform the following steps to integrate with Splunk, verify the integration, and view the collected event and metric data in various BMC products.

Before you begin

1. Have the egress IP of your tenant. Request the egress IP from BMC Software if you don't already have it.
2. Ensure that you have a firewall rule to allow traffic from the egress IP to the Splunk host on the listening port (default is 8089).

To integrate with Splunk Enterprise

1. Log on to BMC Helix Portal, and click Launch on BMC Helix Intelligent Integrations.
2. On the CONNECTORS tab, click in the SOURCES panel.
3. Click the Splunk tile.
4. Specify the following details for the source connection:
   1. Specify the Splunk host name.
   2. Specify the Splunk HTTP or HTTPS port number depending on the connection protocol. The default port number is 8089.
   3. Select the HTTPS option to use an https connection to the Splunk host.
   4. Enter the username and password.
5. Click VALIDATE AND CREATE.
   The specified connection details are validated and the corresponding source connection is created in the Source Connection list.

6. Select the source connection that you created from the Source Connection list if it is not selected already.

   Important

   The destination host connection is created and configured automatically for each tenant when the source connection is created.

7. Clear the option for the data type for which you don't want to collect data. By default, all the options are selected.

8. Configure the collectors for the selected data types by clicking the respective data type in the Collectors section. Specify the parameters for the selected data type, as explained in the following table:
9. Click CREATE COLLECTORS to create the required collector streams for the selected data types.
10. Configure the distributors for the selected data types by clicking the respective data type in the Distributors section. Specify the parameters for the selected data type, as explained in the following table:
    

1. Click CREATE DISTRIBUTORS to create the required distributor streams for the selected data types.
2. Click one of the following buttons:

1. • SAVE STREAM: Click this button if you want to edit the integration details before creating the instance. After you save the stream, the connector that you just created is listed in the SOURCES panel. Move the slider to the right to start the data stream.
   • SAVE AND START STREAM: Click this button if you want to save the integration details and start receiving the data immediately.

          For more information about the data streams, see Starting-or-stopping-data-streams.

To verify the integration

From BMC Helix Intelligent Integrations, on the SOURCES panel, confirm that the data streams for the integration you created are running. Data streaming is indicated by moving colored arrows.

• A moving blue arrow () indicates that event data is being streamed. 
• A moving red arrow () indicates that metric data is being streamed.

To view events in BMC Helix Operations Management

From BMC Helix Operations Management, go to Monitoring > Events to ensure that you can see the events in BMC Helix Operations Management.
For more information, see Event monitoring.

To view metrics in BMC Helix Operations Management

1. In BMC Helix Operations Management, select Monitoring > Devices.
2. Click the links for the required device.

3. On the Monitors tab, click the required monitor.
   The Performance Overview tab shows the metrics graph. For information about metrics, see Viewing collected data.

To view situations in BMC Helix AIOps

In BMC Helix AIOps, on the Overview page, view the services and situations for the event and topology data received from Splunk.