Splunk Event Collector tokens handle the authentication of data shared from your ServiceNow instance to Splunk. Each token has a unique value consisting of a 128-bit number that is represented as a 32-character globally unique identifier (GUID). You will need to provide the token that is generated for your Splunk instance to Perspectium Support so that the sharing of ServiceNow data to Splunk can be properly configured. Learn more about Splunk Event Collector tokens.
Prerequisites
First, you will need to create a ServiceNow bulk/dynamic share for Splunk.
You will also need to point your Splunk HTTP Event Collector port to the Perspectium Integration Mesh.
Procedure
To generate a token for your Splunk Event Collector token, follow these steps:
Log into Splunk and navigate to Settings > Data inputs from the top left-hand side navigation menu.
Click HTTP Event Collector under Type.
At the top right-hand corner of the screen, click New Token.
Type any Name for your token and optionally type a Description.Then, click Next at the top of the form.
Click Review at the top of the form.
NOTE: Optionally, you can select Source types, an App context, and Indexes as these configurations will be used for data shared into Splunk. For example, data shared into Splunk will use the indexes as setup in this HTTP Event Collector.
Click Submit. Then, on the resulting page, copy your Token Value and paste it in a secure place. You will need to provide this token to Perspectium Support so that the sharing of ServiceNow data to Splunk can be properly configured.