Splunk Connector

The Splunk connector lets you gain real-time operational intelligence through Splunk in your PingOne DaVinci flow.

Setup

You can find more information and setup help in:

To use the connector, you’ll need:

To set up Splunk, create an HTTP event collector token:

Click on Settings > Data > Data Inputs.
Click HTTP Event Collector or click Actions > Add new button.
Click Global Settings and use the following configuration:
1. Enable the All Tokens field.
2. Set the Default Source Type to _json.
3. Set the Default Index to Main.
4. Click Save.
Provide the Token Name, then click Next.
Select Source Type as Automatic and Selected Allowed Indexes. Click Review.
Click Submit.
Copy the generated token.

Add the connector in DaVinci as shown in Adding a connector, then configure it as follows.

The Base URL you received by email from setting up Splunk.

Enter 8088.

Paste the Token created when setting up Splunk.

You can use the Post Splunk Event capability to post a Splunk event:

Add the connector to the flow and configure the fields based on the configuration selected when creating a token.
Select the Event (String) or Event (JSON) to post.
Click Apply.

Create a new Splunk event.

Show details

Time textField: The event time in the format {sec}.{ms}.
Host textField: The host value to assign to the event data.
Source textField: The source value to assign to the event data.
Source Type textField: The sourcetype value to assign to the event data.
Index textField: The name of the index by which the event data is to be indexed.
Event (String) textField: Event in raw text.
Event (JSON) codeEditor: Event in raw JSON.
Fields keyValueList required: Metadata in Key-Value format.

Output Example

 { "rawResponse" :
  { "code" : 0,
   "text" : "Success" } }