Follow our setup guide to integrate Fivetran logs into your Splunk monitoring system.
Prerequisiteslink
To connect Splunk to Fivetran, you need:
- A Splunk account
edit_token_http
permissions to enable HTTP Event Collector (HEC)
We support HEC on Splunk Enterprise platforms including cloud and on-premise instances and Splunk Cloud deployments.
In Splunklink
Enable HTTP Event Collectorlink
Set up your HTTP Event Collector to configure a secret token that Fivetran can use to send data using HTTP and HTTPS.
-
Click Settings > Data Inputs.
-
Click HTTP Event Collector.
-
Click Global Settings.
-
Set the All Tokens toggle to Enabled.
-
(Optional) Select a Default Source Type for all HEC tokens.
-
(Optional) Select a Default Index.
-
(Optional) Select a Default Output Group.
-
(Optional) Check the Use Deployment Server checkbox to use a deployment server to handle configurations for HEC tokens.
-
(Optional) Check the Enable SSL checkbox to have HEC listen and communicate over HTTPS rather than HTTP.
-
(Optional) Enter a number in the HTTP Port Number field for HEC to listen on.
Tip: Confirm that your firewall rules don’t block incoming and outgoing traffic through the port number.
-
Click Save.
Create an Event Collector Tokenlink
You must configure one token to use HEC.
- Click Settings > Add Data.
- Click monitor.
- Click HTTP Event Collector.
- Enter a name for the token in the Name field. For example, Fivetran Logs.
- (Optional) In the Description field, enter a description for the input and click Next.
- (Optional) Confirm the source type and the index for HEC events.
- Click Review.
- Confirm that all settings are correct for the endpoint.
- Click Submit.
- Copy the secret token and store it somewhere secure.
In Fivetranlink
-
Log in to your Fivetran account.
-
In the left hand navigation pane, click Logs.
-
Click Connect your logging service.
-
Select the Splunk logging service.
-
In the setup form, enter Host and Port details.
-
Set the Enable SSL toggle to Enabled.
-
Enter the secret token that you configured in the Splunk HEC.
-
Click Save & Test. Fivetran will take it from here and sync your logs to Splunk.