Splunk Configuration


To configure Splunk, follow these steps:

1.  Navigate to Splunk and create an account.

2.  After successful creation of an account, go to Instances and click Access Instances.

3.  Click Settings > Data Inputs.

4.  In the Data Inputs section, click HTTP Event Collector.

5.  In the HTTP Event Collector section, click New Token.

6.  Enter a Name and click Next.

7.  In the Input Settings section, select the following options and click Review.

     • Source Type - Automatic
     • App Context - Search & Reporting (search)
     • Index - Main

8.  Check the entered details and click Submit.

     The token is generated and displayed as Token Value.

9.  Navigate back to the HTTP Event Collector section and click Global Settings.

10.  In the Edit Global Settings prompt, select Enabled for All Tokens and click Save.

11.  In the HTTP Event Collector section, copy the Token Value and URL (displayed on the browser). 

     Note: The Token Value and URL copied here are used when configuring SIEM settings in the SureMDM Web Console.
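
Before entering the values in SureMDM, the token from step 11 can be checked by posting one test event to the collector. The script below is an added example, not part of the SureMDM or Splunk documentation; it uses Splunk's HEC event endpoint (/services/collector/event) and the "Authorization: Splunk <token>" header. The host, port and token shown are constructed placeholders, and it assumes the collector is reachable over HTTPS.

```python
import json
import re
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# HEC tokens are GUIDs; reject anything else before it reaches the network.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Subset of the reply codes HEC returns for token and index problems.
HEC_CODES = {0: "success", 1: "token disabled", 2: "token required",
             3: "invalid authorization", 4: "invalid token", 7: "incorrect index"}


def build_hec_request(base_url, token, event, index="main"):
    """Return a urllib Request for one test event; performs no network I/O."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("HEC URL must be https://host[:port]")
    if not TOKEN_RE.match(token):
        raise ValueError("token is not a GUID")
    url = f"https://{parts.hostname}:{parts.port or 443}/services/collector/event"
    body = json.dumps({"event": event, "index": index}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Splunk {token}", "Content-Type": "application/json"})


def interpret(body):
    """Map a HEC JSON reply to (ok, reason)."""
    code = json.loads(body).get("code")
    return code == 0, HEC_CODES.get(code, f"unexpected code {code}")


def send_test_event(base_url, token):
    """Send one event with certificate verification left on."""
    req = build_hec_request(base_url, token, {"message": "HEC token check"})
    try:
        with urllib.request.urlopen(req, timeout=10,
                                    context=ssl.create_default_context()) as resp:
            return interpret(resp.read())
    except urllib.error.HTTPError as err:  # HEC reports token errors as 4xx + JSON
        return interpret(err.read())


if __name__ == "__main__":
    # Constructed placeholders: replace with the values copied in step 11.
    print(send_test_event("https://splunk.example.com:8088",
                          "00000000-0000-0000-0000-000000000000"))
```

A result of (True, 'success') means the token is enabled and may write to the Main index. The Token Value authorizes event submission for anyone who holds it, so store it as a secret rather than in tickets or shell history.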