Blue Prism Data Gateway integration with Splunk

blueprism-akin · ‎11-29-2023

Hi,

I am new to Splunk, and I am doing some testing with Blue Prism Data gateway with Splunk. How can I get the Splunk URL and API Token

_JP · ‎11-29-2023

Based on your description it sounds like you are configuring the Blue Prism side of things to point at the HTTP Event Collector (HEC). To get the URL and token, you'll need to make sure the HEC configuration has been completed on the Splunk side so Blue Prism has a place to send its data.

Here's the documentation that pertains to configuration of the HEC component in Splunk:

https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector

blueprism-akin · ‎11-29-2023

Hi JP,

Thank you for getting back to my message. I have gone through the documentation to enable HEC and generate the token. I also enabled SSL. This is part i am getting confused

<protocol>://<host>:<port>/<endpoint>

in the documentation.

And i have it set as this - https://computer-name:8088/services/collector/event

Is that correct?

_JP · ‎12-01-2023

Assuming that you configured your HEC port to be 8088, that URL looks correct to me. Also, that endpoint expects JSON data - is that what Blue Prism is sending?

There are several REST endpoints you can post to for the Splunk HEC documented here.

Also, here is a page with some curl commands you can use to test out the HEC endpoint locally to rule out where the issue is - that is, if it works with curl, then is there a network issue in between (e.g. firewall).

HTTP Event Collector examples - Splunk Documentation

https://mysplunkserver.example.com:8088/services/collector

Blue Prism Data Gateway integration with Splunk

data

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification