Configure: Splunk Enterprise
Configure Source
Data types available from Splunk Enterprise
- Select data types (source supported data types will automatically be available in the UI; ensure Destination can ingest chosen data types
- Collector (Source Mediator)
- Event Data Type (Source)
- Metric Data Type (Source)
- Unstructured (Source)
- Topology Data Type (Source)
Access Event, Metric, and Topology Configuration Steps Through Expansion Panels Below
Step 6a: Configure Source Events
Step 6a: Configure Source Events
- Collection Schedule: the scheduled frequency which StreamWeaver will collect event data from Splunk (5 Minutes interval recommended)
- Data Time Window: the historical period from present time which StreamWeaver will collect from Splunk (5 Minutes interval recommended)
- Data Latency: specifies how far back on the timeline that the Data Time Window is placed
- Saved Search Name: A selection of Splunk Saved Searches (Reports) are automatically populated select one of the reports.
- Fields To Include (Not Used)
- Fields to Exclude (Not Used)
- Splunk Fields to Exclude : Select the splunk fields to exclude - All splunk fields are automatically selected, using the pull down a selection of unselected Splunk Fields is automatically populated from Elastic; select "Select All" or a specific subset of Statuses
Field Mappings
Carefully example the fields for the Elastic record and map them to the destination field names listed.
Step 6b: Configure Source Metrics
Step 6b: Configure Source Metrics
- Collection Schedule: the scheduled frequency which StreamWeaver will collect event data from Splunk (5 Minutes interval recommended)
- Data Time Window: the historical period from present time which StreamWeaver will collect from Splunk (5 Minutes interval recommended)
- Data Latency: specifies how far back on the timeline that the Data Time Window is placed
- Saved Search Name: A selection of Splunk Saved Searches (Reports) are automatically populated select one of the reports.
Step 6c: Configure Source Unstructured
Step 6c: Configure Source Unstructured
- Collection Schedule: the scheduled frequency which StreamWeaver will collect event data from Splunk (5 Minutes interval recommended)
- Data Time Window: the historical period from present time which StreamWeaver will collect from Splunk (5 Minutes interval recommended)
- Data Latency: specifies how far back on the timeline that the Data Time Window is placed
- Saved Search Name: A selection of Splunk Saved Searches (Reports) are automatically populated select one of the reports.
- Fields To Include (Not Used)
- Fields to Exclude (Not Used)
- Splunk Fields to Exclude : Select the splunk fields to exclude - All splunk fields are automatically selected, using the pull down a selection of unselected Splunk Fields is automatically populated from Elastic; select "Select All" or a specific subset of Statuses
Step 6c: Configure Source Topology
Step 6d: Configure Source Unstructured
- Collection Schedule: the scheduled frequency which StreamWeaver will collect event data from Splunk (5 Minutes interval recommended)
- Data Time Window: the historical period from present time which StreamWeaver will collect from Splunk (5 Minutes interval recommended)
- Data Latency: specifies how far back on the timeline that the Data Time Window is placed
- Saved Search Name: A selection of Splunk Saved Searches (Reports) are automatically populated select one of the reports.
- Fields To Include (Not Used)
- Fields to Exclude (Not Used)
- Splunk Fields to Exclude : Select the splunk fields to exclude - All splunk fields are automatically selected, using the pull down a selection of unselected Splunk Fields is automatically populated from Elastic; select "Select All" or a specific subset of Statuses
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*