Integrating Splunk with Openpath lets you forward event data (entry, input, reader, relay, and lockdown events) from Openpath to Splunk.
First, set up a token in Splunk
1. Go to Data Inputs.
2. Click HTTP Event Collector.
3. Click New Token.
4. Enter a name and (optional) description for the token, then click Next.
5. Select an Index to send the data to (or create a new one).
6. On the Data Inputs page, you'll see the new Token you just created.
Next, create a rule in Openpath
1. Go to https://control.openpath.com/login and log in. To access the European Partner Center, please go to https://control.eu.openpath.com/login.
2. Go to Configurations > Rules.
3. Click the plus (+) sign in the top right corner to Add a Rule.
4. Enter a name and description for the rule, then select a Trigger Type and Event that you want to forward to Splunk.
5. Click Use JSON Editor, copy the JSON below, and paste it over the "requests" section of the rule, using your Splunk token and URL where indicated.
"requests": [
  {
    "type": "http",
    "httpParams": {
      "headers": [
        "User-Agent: Openpath/Rules Engine",
        "Content-Type: application/json",
        "Authorization: Splunk YOUR SPLUNK TOKEN"
      ],
      "method": "post",
      "url": "http://YOUR URL/services/collector/event",
      "body": "{\"event\": {{json event}} }"
    }
  }
]
}
View the data in Splunk
Search for the Openpath data in the index you selected previously.
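To confirm the token and URL before relying on the rule, the following added example (not Openpath's or Splunk's own code) sends one test event with the same headers and body shape as the rule above. It goes beyond the rule by refusing an http:// URL, since the token in the Authorization header would otherwise cross the network unencrypted. The environment variable names SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN and the sample event are assumptions.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

HEC_PATH = "/services/collector/event"  # same path as in the rule's "url"


def build_hec_request(base_url, token, event, allow_http=False):
    """Build the POST the rule sends, after sanity-checking URL and token."""
    parts = urlsplit(base_url)
    if parts.scheme not in ("https", "http") or not parts.netloc:
        raise ValueError("base_url must look like https://host:port")
    if parts.scheme == "http" and not allow_http:
        # Over plain HTTP the Authorization header (the HEC token) is readable in transit.
        raise ValueError("refusing http://: the HEC token would be sent unencrypted")
    if not token or " " in token:
        raise ValueError("token is empty or still the placeholder text")
    return urllib.request.Request(
        f"{parts.scheme}://{parts.netloc}{HEC_PATH}",
        data=json.dumps({"event": event}).encode(),
        method="POST",
        headers={
            "User-Agent": "Openpath/Rules Engine",
            "Content-Type": "application/json",
            "Authorization": f"Splunk {token}",
        },
    )


def send_test_event(base_url, token, event, timeout=10):
    """Send one event; True if HEC replies with code 0. HTTP errors raise."""
    req = build_hec_request(base_url, token, event)
    ctx = ssl.create_default_context()  # verifies the server certificate
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp).get("code") == 0


# Constructed sample event; real Openpath events carry their own fields.
SAMPLE_EVENT = {"source": "hec-preflight", "message": "constructed test event"}

if __name__ == "__main__":
    import os
    ok = send_test_event(os.environ["SPLUNK_HEC_URL"],
                         os.environ["SPLUNK_HEC_TOKEN"], SAMPLE_EVENT)
    print("HEC accepted the event" if ok else "HEC rejected the event")
```

After a successful run, the constructed event should appear in the index selected for the token.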