Splunk

Connect Splunk to Sentry with the Data Forwarding feature.

This integration needs to be set up in each project for which you wish to use it. It is maintained and supported by the Sentry community.

Navigate to Settings > Integrations > Splunk

Install Splunk integration

To get started, you’ll need to first enable the HTTP Event Collector:

Under Settings, select Data Inputs:

Splunk settings

Select HTTP Event Collector under Local Inputs:

Splunk data inputs

Under your HEC settings, click "Global Settings":

Splunk HEC inputs

Change All Tokens to Enabled, and note the HTTP Port Number (8088 by default):

Splunk global settings

Under HTTP Event Collector, create a new Sentry input by clicking "New Token":

Splunk Sentry input

Enter a name (e.g. Sentry), and click "Next":

Input a name in Splunk

Select the index you wish to make accessible (e.g. main), and click "Review":

Select index in Splunk

You’ll be prompted to review the input details. Click "Submit" to continue:

Review form before submitting

The input has now been created, and you should be presented with the Token Value:

Token has been successfully created in Splunk

To enable Splunk forwarding, you’ll need the following:

  • Your instance URL (see note below)
  • The Sentry HEC token value

In Sentry, navigate to the project you want to forward events from, and click "Project Settings".

Configure data forwarding in [Project] > Settings > Data Forwarding, and provide the required information for the given integration.

After navigating to Data Forwarding, enable the Splunk integration:

Data forwarding settings page

Your instance URL is going to vary based on the type of Splunk service you’re using. If you’re using self-service Splunk Cloud, the instance URL will be the URL of the Splunk instance running the HTTP Event Collector (HEC):

Copied
https://<host>:8088

For all other Splunk Cloud plans, you’ll use the http-inputs prefix:

Copied
https://http-inputs-<host>:8088

If you’re using Splunk behind your firewall, you’ll need to fill in the appropriate host.

Once you’ve filled in the required fields, hit Save Changes:

Splunk settings form

We’ll now begin forwarding all new events into your Splunk instance.

Splunk page showing Sentry data

Help improve this content
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").