Integrate Splunk with Mist Webhooks
Splunk can be hosted in the cloud or on-premises. If you are running managed Splunk Cloud, you will need to raise a ticket with Splunk support to have HEC configured. For self-service Splunk or Splunk Enterprise (on-premises), the following instructions help you configure HTTP Event Collection (HEC) to receive webhooks from Mist.
HEC is a method by which Splunk can receive an HTTP POST request that includes a payload of data. This enables cloud services like Mist to send data to Splunk using webhooks. Webhooks require IP reachability from the Mist Cloud to your Splunk instance. In other words, you need a publicly accessible URL for your Splunk server with the HTTP port open.
Configuring HEC in Splunk
The result of the previous step should look similar to: {"text":"Success","code":0}. If you do not see a success message, confirm that there are no firewalls blocking the HEC port on the Splunk instance.
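The success check described above can be scripted so that a failed test says why it failed. This is an added example, not part of the original instructions; it assumes HEC has SSL enabled and the token is in Splunk's default GUID format, and the function names are illustrative.

```python
import json
import re
import urllib.error
import urllib.request

# Subset of Splunk's documented HEC status codes, with a hint for each.
HEC_HINTS = {
    0: "ok",
    1: "token disabled: enable the token in Splunk",
    2: "token required: Authorization header missing",
    3: "invalid authorization: header must be 'Splunk <token>'",
    4: "invalid token: value unknown to this instance",
    7: "incorrect index: token may not write to that index",
    9: "server busy: retry later",
}
# Assumption: the token is in Splunk's default GUID format.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def build_test_request(fqdn, token, port=8088):
    """Validate the three inputs and return a POST carrying one test event."""
    if not FQDN_RE.match(fqdn):
        raise ValueError("not a fully qualified domain name")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    if not TOKEN_RE.match(token):
        raise ValueError("token is not GUID-shaped (truncated paste?)")
    # Assumption: HEC has SSL enabled, so the token never travels in clear text.
    url = f"https://{fqdn}:{port}/services/collector/event"
    body = json.dumps({"event": "mist webhook connectivity test"}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Splunk {token}", "Content-Type": "application/json"})

def interpret(raw):
    """Map a HEC reply body to (ok, hint)."""
    try:
        reply = json.loads(raw)
        code = reply["code"]
    except (ValueError, KeyError, TypeError):
        return False, "not a HEC reply: a proxy or firewall may be answering"
    return code == 0, HEC_HINTS.get(code, f"HEC code {code}: {reply.get('text')}")

def send(request, timeout=10):
    """Send the request with certificate verification on; HEC errors carry JSON too."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return interpret(resp.read())
    except urllib.error.HTTPError as err:
        return interpret(err.read())
```

Call send(build_test_request(fqdn, token)) from a host outside your network to test the same path the Mist Cloud will use; a connection error raised before any reply points to reachability or TLS rather than the token.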
Configuring Mist Webhooks to Point to Your Splunk Instance
Before you Begin
You must have the following information ready so that you can complete the Mist configuration:
- The FQDN of your Splunk HEC instance
- The port number HEC is listening on (default is 8088)
- Your Splunk HEC Token
You can configure webhooks in Mist at either the Org level or the Site level. For this example, we configure an Org-level webhook and subscribe to the topics “audits”, “alarms”, and “device-events”.
This confirms that Mist and Splunk can communicate.