Configuring Data Input & Index

In order for Splunk to receive data from the ElastiFlow Unified Flow Collector you must first configure a Data Input & an Index.

There are 5 steps to set up a Data Input & Index

  1. Create a Data Input: Settings -> Data Inputs -> HTTP Event Collector -> +Add New image image

  2. Give it a Name, click Next image

  3. Source Type -> Select -> Select Source Type -> Log To Metrics -> log2metrics_keyvalue image

    1. Select Allowed Indexes (pick the ElastiFlow Index you want to use, if one does not exist click "Create a new index") image

    2. Verify these sections and click Review: image

  4. Click Submit image

  5. Copy this Token Value and use it in your ElastiFlow configuration here image image image

PreviousDefault Search MacroNextSplunk App Installation