Splunk is an observability platform that provides search, analysis, and visualization for actionable insights on your data. The Splunk event forwarding extension leverages the Splunk HTTP Event Collector REST API to send events from the Adobe Experience Platform Edge Network to the Splunk HTTP Event Collector.
Splunk uses bearer tokens as the authentication mechanism to communicate with the Splunk Event Collector API.
Marketing teams can use the extension for the following use cases:
|Customer behavior analytics||Organizations can capture customer interaction event data from their website and forward relevant events to Splunk. Marketing and analytics teams can then perform subsequent analysis within the Splunk platform to understand key user interactions and behavior. The Splunk platform can be used to generate graphs, dashboards, or other visualizations to inform business stakeholders.|
|Scalable search on large datasets||Organizations can capture transactional or conversational input as event data from the website and forward events to Splunk. Analytics teams can then leverage Splunk’s scalable indexation abilities to filter and process large datasets to derive any business insights and make informed decisions.|
You must have a Splunk account to use this extension. You can register for a Splunk account on the Splunk homepage.
You must also have the following technical values to configure the extension:
Splunk endpoints referenced within event forwarding should only use port
443. Non-standard ports are currently not supported in event forwarding implementations.
To install the Splunk Event Collector extension in the UI, navigate to Event Forwarding and select a property to add the extension to, or create a new property instead.
Once you have selected or created the desired property, navigate to Extensions > Catalog. Search for “Splunk”, and then select Install on the Splunk Extension.
Depending on your implementation needs, you may need to create create a schema, data elements, and a dataset before configuring the extension. Please review all the configuration steps before starting in order to determine which entities you need to set up for your use case.
Select Extensions in the left navigation. Under Installed, select Configure on the Splunk extension.
For HTTP Event Collector URL, enter your Splunk platform instance address and port. Under Access Token, enter your Event Collector Token value. When finished, select Save.
Start creating a new event forwarding rule rule and configure its conditions as desired. When selecting the actions for the rule, select the Splunk extension, then select the Create Event action type. Additional controls appear to further configure the Splunk Event.
The next step is to map the Splunk event properties to data elements that you have previously created. The supported optional mappings based on the input event data that can be set up are given below. Refer to the Splunk documentation for further details.
|Indicate how you want to provide the event data. Event data can be assigned to the
|Host||The hostname of the client from which you are sending data.|
|Source Type||The source type to assign to the event data.|
|Source||The source value to assign to the event data. For example, if you are sending data from an app you are developing, set this key to the name of the app.|
|Index||The name of the event data’s index. The index you specify here must be within the list of allowed indexes if the token has the indexes parameter set.|
|Time||The event time. The default time format is UNIX time (in the format
|Fields||Specify a raw JSON object or a set of key-value pairs that contain explicit custom fields to be defined at index time. The
Requests containing the
After creating and executing the event forwarding rule, validate whether the event sent to the Splunk API is displayed as expected in the Splunk UI. If the event collection and Experience Platform integration were successful, you will see events within the Splunk console like so:
This document covered how to install and configure the Splunk event forwarding extension in the UI. For more information on collecting event data in Splunk, refer to the official documentation: