All Collections
Data Push Destinations - Splunk (Beta)
Data Push Destinations - Splunk (Beta)
Written by Josh Peters
Updated over a week ago

Before you begin, please be aware the Splunk data push works well, but has a different retry mechanism than the other destinations. As a result, the Splunk data push does not go into the error state if there is an error. It will always show as running in the UXI dashboard whether it is successful or not. The Splunk integration is available for Beta testing and you can request to join the beta through support.

Data Push Destinations - Splunk (Beta)

Selecting the Splunk destination will send your test result data or issue data to your Splunk database. Each test result or issue will be represented as an event in Splunk. The data is sent from the UXI VPC located in AWS US-WEST-2. It is recommended to use either the Splunk cloud, Splunk AMI on AWS or other cloud provider. If your Splunk is on prem, it would require you to route the traffic accordingly. This integration has only been tested Splunk on 9.0.0, but should work on version 7.1 or better.

The UXI data push makes use of the Splunk HTTP Event Collector (HEC).

To get started, navigate to Settings -> Data Inputs.

Select HTTP Event Collector and select Add New.

On the next page, select New Token.

Give the token a name. It is also recommended to check the box for "Enable Index Acknowledgment". Keep all other default settings.

On the Input Settings, you may choose to create a new index or add data to an index. In this example we created a new index for events called “uxi”. Note the index you use, as you will need it later.

Review the settings, when finished click Submit.

On the next page you will be shown the token. Copy this down.

Next go to the UXI Dashboard. Open Settings -> Integrations.

Under Data Push Destinations select Add Destination.

Configure the data push for your Splunk database.

  • Data Type: Test Results or Issues

  • Destination Type: Splunk

  • Name: Give this integration a friendly name

  • URL: Enter the Splunk public URL

  • Port: Enter the Splunk HEC port. Usually, the Splunk HEC runs on port 8088

  • Index: Specify the index used for the Splunk HEC token.

  • Token: Paste the Splunk HEC token

  • Enable Index Acknowledgment: Toggle True or False depending on your token settings.

Click Submit

Wait a few minutes to ensure the data push destination remains in a running state. You should then be able to search your data in Splunk.

Did this answer your question?