Connect Splunk to Sentry with the Data Forwarding feature.
Note: We only support Splunk Cloud plans. We do not support Splunk Enterprise plans.
See the Splunk documentation for specific details on your Splunk installation.
To get started, you’ll need to first enable the HTTP Event Collector:
Under Settings, select Data Inputs:
Select HTTP Event Collector under Local Inputs:
Under your HEC settings, click Global Settings:
Change All Tokens to Enabled, and note the HTTP Port Number (
8088 by default):
Note: If you’re running Splunk in a privileged environment, you may need to expose the HEC port.
Under HTTP Event Collector, create a new Sentry input by clicking New Token:
Enter a name (e.g.
Sentry), and click Next:
Select the index you wish to make accessible (e.g.
main), and click Review:
You’ll be prompted to review the input details. Click Submit to continue:
The input has now been created, and you should be presented with the Token Value:
To enable Splunk forwarding, you’ll need the following:
- Your instance URL (see note below)
- The Sentry HEC token value
In Sentry, navigate to the project you want to forward events from, and click Project Settings:
Navigate to Data Forwarding, and enable the Splunk integration:
Your instance URL is going to vary based on the type of Splunk service you’re using. If you’re using self-service Splunk Cloud, the instance URL will use the
For all other Splunk Cloud plans, you’ll use the
If you’re using Splunk behind your firewall, you’ll need to fill in the appropriate host.
Once you’ve filled in the required fields, hit Save Changes:
We’ll now begin forwarding all new events into your Splunk instance.
Note: Sentry will internally limit the maximum number of events sent to your Splunk instance to 50 per second.