Configuring Data Input & Index

For Splunk to receive data from the ElastiFlow Unified Flow Collector, you must first configure a Data Input and an Index. The Data Input is an HTTP Event Collector (HEC) token, and the Index is where the collected flow records are stored.

There are 5 steps to set up a Data Input & Index:

  1. Create a Data Input: Settings -> Data Inputs -> HTTP Event Collector -> +Add New

  2. Give it a Name and click Next

  3. Source Type -> Select -> Select Source Type -> Log To Metrics -> log2metrics_keyvalue

    1. Select Allowed Indexes (pick the ElastiFlow index you want to use; if one does not exist, click "Create a new index"). Restricting the token to this one index limits what a leaked token can write into.

    2. Verify these sections and click Review:
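The same Data Input and Index can be defined in Splunk's configuration files instead of the UI, which is convenient for repeatable deployments. The following is an added example, not configuration shipped by ElastiFlow or Splunk: it assumes the index is named `elastiflow`, the input stanza is named `elastiflow_hec`, the app directory is a placeholder, and the token value is a placeholder that you replace with the one Splunk generates.

```ini
# Added example: conf-file equivalent of the HEC Data Input and Index
# created in the UI steps above. Names, paths and the token are assumptions.

# $SPLUNK_HOME/etc/apps/<your_app>/local/indexes.conf
[elastiflow]
# log2metrics sourcetypes convert events into metrics, so the target index
# is created as a metrics index rather than the default event index
datatype   = metric
homePath   = $SPLUNK_DB/elastiflow/db
coldPath   = $SPLUNK_DB/elastiflow/colddb
thawedPath = $SPLUNK_DB/elastiflow/thaweddb

# $SPLUNK_HOME/etc/apps/<your_app>/local/inputs.conf
[http]
disabled  = 0
port      = 8088
# keep TLS on: the HEC token is a bearer credential and must not cross
# the network in the clear
enableSSL = 1

[http://elastiflow_hec]
disabled   = 0
# placeholder; Splunk generates the real token when the input is created
token      = 00000000-0000-0000-0000-000000000000
sourcetype = log2metrics_keyvalue
# "index" is the default index for this token; "indexes" is the list of
# allowed indexes (the UI's "Allowed Indexes"), so a token leaked from the
# collector cannot be used to write into any other index
index      = elastiflow
indexes    = elastiflow
```

After restarting Splunk (or reloading inputs), confirm the collector endpoint is up with `curl -k https://<splunk-host>:8088/services/collector/health`, which should return the "HEC is healthy" response; only then copy the token into the ElastiFlow Unified Flow Collector's Splunk output settings.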