| Note | ||
|---|---|---|
| ||
If you set the Source as BloxOne Universal DDI or BloxOne or Infoblox Threat Defense Cloud and the destination as Splunk Cloud, a BloxOne Data a Infoblox Data Connector Instance is still required to pass the logs from BloxOne from Infoblox to Splunk Cloud |
To add Splunk Cloud as a destination in the Cloud Service the Infoblox Portal, complete the following:
Log in to the Cloud Service the Infoblox Portal, click Manage click Configure > Integrations > Data Connector.
On the Destination Configuration tabConfiguration tab, choose Splunk Cloud from the Create drop-down list.
In the Create Splunk Cloud Destination Configuration dialog, complete the following:
Name: Enter the name of the destination. Select a name that best describes the destination and can be distinguished from other destinations. Enter up to 256 characters.
Description: Enter the description of the destination, up to 256 characters.
State: Use the toggle switch to enable or disable the destination configuration. The State is disabled by default. If the destination configuration is disabled, you will not be able to select this destination when creating a traffic flow.
Tags: Click Add and specify the following to associate a key with the destination:
KEY: Enter a meaningful name for the key, such as a location or department.
VALUE: Enter a value for the key. For details, see Managing Tags.
Config Options: Choose config options either to Configure manually or Import configuration. The default is Configure manually. If you set the Source as BloxOne Universal DDI or BloxOne or Infoblox Threat Defense Cloud Platform and the destination as Splunk Cloud, a BloxOne Data a Infoblox Data Connector Instance is still required to pass the logs from BloxOne from Infoblox to Splunk Cloud.
Configure manually: Configure the following sections manually.
Import configuration:
Splunk Cloud Configuration Import: Click Select file, browse to the respective path, and then upload the Universal Forwarder Credentials file that you downloaded from Splunk Cloud. When the upload is successful, the following fields are auto-populated from the uploaded file. Review all the field values and click Save & Close to create the destination.
To download the Universal Forwarder Credentials file :From your Splunk Cloud Platform instance, go to Apps > Universal Forwarder.
Click Download Universal Forwarder Credential.
In the CONNECTION DETAILS section, complete the following:
FQDN/IP & Port: Enter the FQDN or the IP address of the Splunk indexer along with the port to which you want the Data Connector to send data. For Configure manually, user can add multiple destination servers separated by commas.
Index Name: Enter the name of the Splunk index. An index is a collection of directories and files that are located under $SPLUNK_HOME/var/lib/splunk. To view indexes, navigate to Settings > Indexes in Splunk Cloud.
Log Format: Choose one of the following log format from the drop-down menu:
Splunk CIM: Choose this to send data in CIM (Splunk Common Information Model) format.
Infoblox Legacy: Choose this to send data in CSV format.
Depending on your selection, the log messages you have chosen will be sent to Splunk Cloud in the selected format.
(For secure mode only) In the Forwarder Certificate section, complete the following:
Forwarder Certificate: Click Select file, browse to the respective path, and then upload the forwarder certificate for the Splunk Cloud forwarder. You need to first generate a certificate request in .PEM format. This certificate request must be signed by the third-party Certification Authority for you to get a forwarder certificate. For more information, refer to the Splunk Cloud documentation.
Certificate Key Passphrase: Enter the key passphrase for the certificate.
(For secure mode only) In the CA Certificate section, click Select file, browse to the respective path, and upload the CA signed certificate for the Splunk Cloud indexer.
Click Save & Close to create the destination.
If you set the Source as BloxOne Universal DDI or BloxOne or Infoblox Threat Defense Cloud and the destination as Splunk Cloud, a BloxOne Data a Infoblox Data Connector Instance is required to pass the logs from BloxOne from Infoblox to Splunk Cloud.