Splunk Event Collector tokens handle the authentication of data shared from your ServiceNow instance to Splunk. Each token has a unique value consisting of a 128-bit number that is represented as a 32-character globally unique identifier (GUID). You will need to provide the token that is generated for your Splunk instance to Perspectium Support so that the sharing of ServiceNow data to Splunk can be properly configured. Learn more about Splunk Event Collector tokens.


Prerequisites


First, you will need to create a ServiceNow bulk/dynamic share for Splunk.

You will also need to point your Splunk HTTP Event Collector port to the Perspectium Integration Mesh.

Procedure


To generate a Splunk Event Collector token, follow these steps:

Log into Splunk and navigate to Settings > Data inputs from the top left-hand side navigation menu.

Click HTTP Event Collector under Type.

At the top right-hand corner of the screen, click New Token.

Type any Name for your token and optionally type a Description. Then, click Next at the top of the form.

Click Review at the top of the form.

NOTE: Optionally, you can select Source types, an App context, and Indexes. However, you must provide this information to Perspectium Support so that your Splunk integration can be properly configured.

Click Submit. Then, on the resulting page, copy your Token Value and paste it in a secure place. You will need to provide this token to Perspectium Support so that the sharing of ServiceNow data to Splunk can be properly configured.
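One way to handle the copied Token Value after the last step, as an added example that is not part of the original page or of Perspectium's or Splunk's own tooling: it checks that the pasted value has the GUID shape, stores it in an owner-only file, masks it for tickets, and can send a test event to the HEC event endpoint. The function names, file path and base URL are assumptions, and the token in the comment is constructed.

```shell
#!/bin/sh
# Added example. Function names, paths and the base URL are assumptions.

# Return 0 if $1 has the shape of an HEC token: 32 hex digits, either bare
# or in the 8-4-4-4-12 GUID form. Catches stray spaces and partial pastes.
is_hec_token() {
    nl='
'
    case $1 in *"$nl"*) return 1 ;; esac   # reject multi-line pastes
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9a-fA-F]{32}|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$'
}

# Print a form that is safe for tickets and logs: only the last 4 characters.
mask_token() {
    printf '****%s\n' "$(printf '%s' "$1" | tail -c 4)"
}

# Store the token in file $2, readable by the owner only.
save_token() {
    is_hec_token "$1" || { echo "value is not in HEC token format" >&2; return 1; }
    ( umask 077; printf '%s\n' "$1" > "$2" ) && chmod 600 "$2"
}

# Send one test event to the HEC at base URL $1 using the token stored in $2.
# The Authorization header is passed to curl on stdin (-K -), so the token
# never appears in the process list or in shell history.
send_test_event() {
    printf 'header = "Authorization: Splunk %s"\n' "$(cat "$2")" |
        curl -sS --fail -K - "$1/services/collector/event" \
             -d '{"event": "HEC token test"}'
}

# Usage (constructed token, placeholder host):
#   save_token "12345678-90ab-cdef-1234-567890abcdef" "$HOME/.hec_token"
#   send_test_event "https://splunk.example.com:8088" "$HOME/.hec_token"
```

send_test_event only works from a host that can reach the HEC endpoint directly; the other three functions run offline.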

Next steps


View your event collections in Splunk