Splunk Event Collector

Gateblu Plugin

What is an event collector?

An event collector is an Octoblu forwarder that sends its messages to Splunk as events. Your event collector will collect all messages from the specified devices and store them as events in your Splunk instance, using an event token generated by Splunk. You can then send messages directly to the node in the Octoblu designer.

1 - Gateblu setup

In order to create an event collector, you will need to install and run Gateblu. If you are unfamiliar with Gateblu or need to download it, go to the Gateblu page.

2 - Create an Event Collector In Splunk

  1. Log in to your Splunk instance.
  2. Go to Settings -> Data Inputs -> HTTP Event Collector.
  3. Click New Token in the top right.
  4. Follow along to create a new event collector.
  5. Copy and save the Event Collector Token for use in the next step.

Docs on the HTTP Event collector can be found here:

3 - Install and configure event collector plugin

  1. Log on to app.octoblu.com
  2. Ensure that you have a Gateblu running on some machine
  3. Navigate to the Things page via the side menu
  4. Select Splunk Event Collector
  5. Follow the instructions to select a Gateblu to install it to. This can take a few minutes depending on the connection speed of your Gateblu.
  6. You will be presented with the options listed below. Fill them out, enter a name for the new instance of this plugin, and save. You will be taken to the designer next.
     EventCollectorToken: This is generated by Splunk
     SplunkEventUrl: <host>:<mPort>/services/collector/event
  7. Any messages sent to the Event Collector node will be posted to your HTTP Event Collector in Splunk and can now be searched via its index.
  8. Check out the Splunk Forwarder Tutorial to take things further.
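
As an added example (not part of the Octoblu or Splunk documentation), the shell functions below check the EventCollectorToken and SplunkEventUrl values before they are saved in the plugin and can send one test event with curl. They assume the URL is written with an explicit https:// scheme and that the token has the GUID form Splunk generates; the host name and token in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example. Host name and token shown in usage are constructed placeholders.

# Accept only an https:// URL ending in the collector path given above.
check_hec_url() {
  case "$1" in
    https://*/services/collector/event) return 0 ;;
    http://*) echo "plain http would expose the token on the network" >&2; return 1 ;;
    *) echo "expected https://<host>:<port>/services/collector/event" >&2; return 1 ;;
  esac
}

# HEC tokens are GUIDs (8-4-4-4-12 hex digits); catch copy/paste damage early.
check_hec_token() {
  printf '%s' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Show only the first four characters of the token in logs or tickets.
mask_token() { printf '%.4s****' "$1"; }

# Wrap a single-line message in the JSON envelope HEC expects,
# escaping backslashes and double quotes.
hec_body() {
  esc=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"event": "%s"}' "$esc"
}

# usage: send_test_event URL TOKEN MESSAGE
send_test_event() {
  check_hec_url "$1" || return 1
  check_hec_token "$2" || { echo "token is not a GUID" >&2; return 1; }
  echo "posting test event with token $(mask_token "$2")" >&2
  # The header is fed to curl on stdin so the token never appears in `ps` output.
  printf 'header = "Authorization: Splunk %s"\n' "$2" |
    curl --silent --show-error --config - --data "$(hec_body "$3")" "$1"
}

# Runs only when both variables are exported, e.g.
#   HEC_URL=https://splunk.example.com:8088/services/collector/event
#   HEC_TOKEN=12345678-90ab-cdef-1234-567890abcdef
if [ -n "${HEC_URL:-}" ] && [ -n "${HEC_TOKEN:-}" ]; then
  send_test_event "$HEC_URL" "$HEC_TOKEN" "test event from Octoblu setup check"
fi
```

A working URL and token return `{"text":"Success","code":0}` from Splunk, and the test event can then be found by searching the token's index.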