...

Once you have configured your integration, you can find the Webhook Schema here

Configuring Splunk to receive events from Data Theorem

...

Step 2: Create a new index for HEC events from DT

  1. Click Settings > Indexes

  2. Click New Index

  3. Configure Your Index

...

Index name: Whatever you want. This example uses “dtevents”

...

Step 3: Create an HEC Token

  1. Click Settings > Data Inputs

  2. Click HTTP Event Collector > Actions > +Add New

Add New HEC Token Page 1 of 4

...

{"text":"Success","code":0}

Step 5:

...

Email the following information to support@datatheorem.com:

  • Splunk HEC URL

  • Splunk HEC Token Value

  • Name Of Integration (may contain letters, numbers, dashes, underscores, and spaces)

...

Configure Your Splunk Integration

  1. Navigate to the Create New Integration page on Data Theorem’s portal

  2. Name your Splunk Integration

...

  3. Enter Splunk HEC Details

...

  4. Select Events To Send To Splunk

...

Viewing Data Theorem Events In Splunk

...

event.data.violated_policy_rule_type_name=AWS_S3*

References

Data Theorem Event Message Schema

Data Theorem Splunk Dashboard Example

...