Splunk Cloud (Legacy)

configuration in flare in order to configure the integration in flare, you simply need the netloc or your splunk instance, the index under which you want flare alerts to be indexed under, as well as an api token you will create in splunk we have outlined below the process to get all these in splunk! go to https //app flare io/#/team click on edit click on create a new alert channel select option splunk click on see details add the netloc or your splunk instance, the index under which you want flare alerts to be indexed under, as well as an api token you will create in splunk you can also add labels these can be useful to filter the data once in splunk in splunk as for the configuration in splunk, you first need to add a new data source in order to create an api token from there you will need to choose http event collector as a type of data source you can then click the green button new token on the top right of the screen you will get to this here you should enter a arbitrary name for the source make sure not to check the enable indexer acknowledgement option press next! this part is important; you choose the splunk index under which you want flare data to be indexed remember this choice has to then be used in the index field when configuring in flare press next! that's it, you now have your api token that you can use to configure your alert in flare! related articles