Splunk Cloud Platform

MongoDB Atlas Logs Into Splunk

anandhalagaras1
Contributor

Hi All,

Our Splunk infrastructure, encompassing the Search Head, Cluster Master, Indexers, and License Master, is situated in the Cloud and managed by Splunk Support.

Recently, there was a request from one of our application teams to integrate and ingest MongoDB Atlas (Host & Audit) logs into Splunk. Following the provided documentation, the application team attempted to install the Splunk OpenTelemetry (otel) connector on a Linux VM for a Proof of Concept (POC). In the process, they requested the generation of a token, which I fulfilled by generating one from our Splunk Cloud Search head. Unfortunately, the attempted integration did not yield the expected results.

I am now seeking clarification on whether the token generated from the Splunk Search head is adequate, or if there is a need to generate an Organizational access token. If the latter is necessary, I would appreciate guidance on where and how to generate it. As the administrator of our Splunk Cloud instances, I am curious about the role of Splunk OpenTelemetry and whether it is included with Splunk Cloud. We receive multiple requests from users wanting to send OTEL logs into Splunk. If Splunk OpenTelemetry is indeed included, I would appreciate guidance on generating the organizational token and where this process should take place.

 

https://docs.splunk.com/observability/en/gdi/opentelemetry/components/mongodb-atlas-receiver.html

https://docs.splunk.com/observability/en/gdi/opentelemetry/collector-linux/install-linux.html#otel-i...

https://docs.splunk.com/observability/en/admin/authentication/authentication-tokens/org-tokens.html#...

 

As I examine the documentation, it explicitly mentions Splunk Observability. I seek confirmation that I am following the correct procedure. The user attempted the installation using the same base64-encoded access token, but unfortunately, the result was once again unsuccessful. Additionally, the user has confirmed that there is internet access from the VM.

At this juncture, we require guidance on how to generate an "organizational access token" to facilitate the integration process.

 

Can anyone kindly check and guide me on this please.

 

 

0 Karma

Bote
Observer

@anandhalagaras1 I am curious since I am working on a similar project, were you able to figure this out? I would appreciate it if you could share your response and your findings.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...