
Splunk Event Collector

Gateblu Plugin

## What is an event collector?

An event collector is an Octoblu forwarder that sends its messages to Splunk as events. Your event collector collects all messages from the specified devices and stores them as events in your Splunk instance, using an event token generated by Splunk. You can then send messages directly to the node in the Octoblu designer.

## 1 - Gateblu setup

To create an event collector, you need to install and run Gateblu. If you are unfamiliar with Gateblu or need to download it, go to [the Gateblu page](https://gateblu.readme.io/docs).

## 2 - Create an Event Collector In Splunk

1. Log in to your Splunk instance.
2. Go to Settings -> Data Inputs -> HTTP Event Collector.
3. Click **New Token** in the top right.
4. Follow along to create a new event collector.
5. Copy and save the Event Collector Token for use in the next step.

**[Docs on the HTTP Event Collector can be found here.](http://docs.splunk.com/Documentation/Splunk/6.3.0beta/RESTREF/RESTinput#services.2Fcollector.2Fevent)**

## 3 - Install and configure event collector plugin

1. Log on to app.octoblu.com.
2. Ensure that you have a Gateblu running on some machine.
3. Navigate to the **Things** page via the side menu.
4. Select **Splunk Event Collector**.
5. Follow the instructions to select a Gateblu to install it to. **This can take a few minutes depending on the connection speed of your Gateblu.**
6. You will be presented with some options to fill out, as shown below. Fill them out accordingly, enter a name for the new instance of this plugin, and save. You will be taken to the designer next.

   ```
   EventCollectorToken: This is generated by Splunk
   SplunkEventUrl: <host>:<mPort>/services/collector/event
   ```

7. Any messages sent to the Event Collector node will be posted to your HTTP Event Collector in Splunk and can now be searched via its index.
8. Check out the [Splunk Forwarder Tutorial](https://octoblu-splunk.readme.io/docs/splunk-forwarder-tutorial) to take things further.
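
The two options from step 6, as an added example (not Octoblu's plugin code): a Node.js check of `EventCollectorToken` and `SplunkEventUrl`, plus the HTTP Event Collector request they produce and a log-safe copy of it. It assumes the URL is entered with an explicit `https://` scheme; the host, port 8088, token and `octoblu:message` sourcetype are constructed placeholders.

```javascript
// Added example, not Octoblu's plugin code. Host, port, token and sourcetype
// below are constructed placeholders.
const HEC_PATH = '/services/collector/event';
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Return a list of problems with the two plugin options (empty list = OK).
function checkConfig({ EventCollectorToken, SplunkEventUrl }) {
  const problems = [];
  if (!GUID_RE.test(EventCollectorToken || '')) problems.push('EventCollectorToken is not a GUID');
  let url = null;
  try { url = new URL(SplunkEventUrl); } catch (e) { /* handled below */ }
  // "host:8088/..." either fails to parse or parses with "host:" as the scheme.
  if (!url || !['http:', 'https:'].includes(url.protocol)) {
    problems.push('SplunkEventUrl has no http(s) scheme');
    return problems;
  }
  if (url.protocol !== 'https:') problems.push('token would be sent without TLS');
  if (url.pathname !== HEC_PATH) problems.push('path is not ' + HEC_PATH);
  if (url.username || url.password || url.search) problems.push('URL carries credentials or a query string');
  return problems;
}

// Build the POST that delivers one message as one Splunk event.
function buildHecRequest(config, message, sourcetype = 'octoblu:message') {
  const problems = checkConfig(config);
  if (problems.length) throw new Error(problems.join('; '));
  return {
    url: config.SplunkEventUrl,
    options: {
      method: 'POST',
      headers: { Authorization: 'Splunk ' + config.EventCollectorToken },
      body: JSON.stringify({ event: message, sourcetype }),
    },
  };
}

// Copy of the request that is safe to write to a log: the token is masked.
function redactForLog(req) {
  const headers = { ...req.options.headers, Authorization: 'Splunk ****' };
  return { url: req.url, options: { ...req.options, headers } };
}

const SAMPLE_CONFIG = {
  EventCollectorToken: '00000000-0000-0000-0000-000000000000',
  SplunkEventUrl: 'https://splunk.example.com:8088/services/collector/event',
};
const sampleRequest = buildHecRequest(SAMPLE_CONFIG, { temperature: 21 });
console.log(redactForLog(sampleRequest));
```

On Node 18 or later the request can be sent with `fetch(sampleRequest.url, sampleRequest.options)`.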