Splunk Cloud Platform

MongoDB Atlas Logs Into Splunk

anandhalagaras1
Communicator

Hi All,

Our Splunk infrastructure, encompassing the Search Head, Cluster Master, Indexers, and License Master, is situated in the Cloud and managed by Splunk Support.

Recently, there was a request from one of our application teams to integrate and ingest MongoDB Atlas (Host & Audit) logs into Splunk. Following the provided documentation, the application team attempted to install the Splunk OpenTelemetry (otel) connector on a Linux VM for a Proof of Concept (POC). In the process, they requested the generation of a token, which I fulfilled by generating one from our Splunk Cloud Search head. Unfortunately, the attempted integration did not yield the expected results.

I am now seeking clarification on whether the token generated from the Splunk Search head is adequate, or if there is a need to generate an Organizational access token. If the latter is necessary, I would appreciate guidance on where and how to generate it. As the administrator of our Splunk Cloud instances, I am curious about the role of Splunk OpenTelemetry and whether it is included with Splunk Cloud. We receive multiple requests from users wanting to send OTEL logs into Splunk. If Splunk OpenTelemetry is indeed included, I would appreciate guidance on generating the organizational token and where this process should take place.

 

https://docs.splunk.com/observability/en/gdi/opentelemetry/components/mongodb-atlas-receiver.html

https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-linux/install-linux.html#otel-i...

https://docs.splunk.com/observability/en/admin/authentication/authentication-tokens/org-tokens.html#...

 

As I examine the documentation, it explicitly mentions Splunk Observability. I seek confirmation that I am following the correct procedure. The user attempted the installation using the same base64-encoded access token, but unfortunately, the result was once again unsuccessful. Additionally, the user has confirmed that there is internet access from the VM.

At this juncture, we require guidance on how to generate an "organizational access token" to facilitate the integration process.

 

Can anyone kindly check and guide me on this please.

 

 

0 Karma

Bote
Observer

@anandhalagaras1 I am curious since I am working on a similar project, were you able to figure this out? I would appreciate it if you could share your response and your findings.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...