How to connect Alleantia ISC to Cisco Splunk?

Find out how to easily connect Alleantia to Cisco Splunk

 

HOSTNAME - Address of the HEC (HTTP Event Collector), obtained from the Cisco Splunk interface.
PORT - Port of the Splunk HEC service; the default is 8088.
TOKEN - Obtained during configuration of the HEC (HTTP Event Collector) on the Cisco Splunk interface.
MODEL - Model of the Alleantia telemetry, to be imported into Cisco Splunk for correct detection of events forwarded by Alleantia ISC.

 

Service Configuration - Configure an HEC (HTTP Event Collector) from the Cisco Splunk administration interface.


Take note of the fields required to connect Alleantia ISC:

  • the address/hostname on which the instance resides
  • the token returned by the administration panel once the HEC configuration is complete

The default port on which the service is exposed is usually 8088.


In the configuration of the Alleantia ISC connector, enter the three parameters mentioned above.

Download the Alleantia data model. This data model must be installed, via the administration panel, on the Cisco Splunk instance to be connected, so that the HEC can recognise the information forwarded by Alleantia ISC.


Then proceed to select the variables to be forwarded on the service.

Set the mode of action in the event of temporary disconnection from the service (streaming only or saving the unsent data to disk, for a later attempt to resend).


Set the frequency of message forwarding to the Cisco Splunk service. Start the service.
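
To confirm HOSTNAME, PORT and TOKEN before entering them in the connector, the following added example (not part of the Alleantia or Splunk documentation) sends one test event to the HEC event endpoint with certificate verification left on and interprets the reply. The sourcetype `alleantia:test` and the test event content are assumptions constructed for illustration.

```python
import json
import ssl
import urllib.error
import urllib.request

# Subset of the status codes Splunk HEC returns in its JSON reply body.
HEC_CODES = {0: "ok", 1: "token disabled", 2: "token missing",
             3: "invalid authorization", 4: "invalid token", 7: "incorrect index"}


def build_hec_request(hostname, port, token, event, sourcetype="alleantia:test"):
    """Build the POST for /services/collector/event from HOSTNAME, PORT, TOKEN."""
    if "://" in hostname or "/" in hostname:
        raise ValueError("HOSTNAME must be a bare host name or address")
    if not 1 <= int(port) <= 65535:
        raise ValueError("PORT out of range")
    if not token or token != token.strip():
        raise ValueError("TOKEN is empty or has stray whitespace")
    body = json.dumps({"event": event, "sourcetype": sourcetype}).encode()
    return urllib.request.Request(
        f"https://{hostname}:{int(port)}/services/collector/event",
        data=body, method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})


def interpret_hec_reply(http_status, raw_body):
    """Map an HEC reply to (accepted, reason); the token is never echoed."""
    try:
        code = json.loads(raw_body).get("code")
    except (ValueError, AttributeError):
        return False, f"HTTP {http_status}: non-JSON reply, is this port really HEC?"
    return (http_status == 200 and code == 0,
            HEC_CODES.get(code, f"HEC code {code}"))


def check_hec(hostname, port, token, cafile=None):
    """Send one constructed test event; certificate verification stays on."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA that signed the HEC cert
    req = build_hec_request(hostname, port, token, {"msg": "Alleantia HEC check"})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return interpret_hec_reply(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry HEC JSON
        return interpret_hec_reply(err.code, err.read())
    except (urllib.error.URLError, OSError) as err:
        return False, f"connection failed: {err}"
```

Call `check_hec(hostname, port, token, cafile=...)` from a machine on the same network as the Alleantia gateway. If the HEC presents a certificate from a private CA, pass that CA file rather than turning verification off.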