This repository will deploy a Splunk Enterprise instance into AWS and pre-configure some indexes and dashboards to collect logging and telemetry from HashiCorp Vault, HCP Vault and Terraform Cloud for Business.
- Clone the repo to your own GitHub account
- Connect the repo to a new TFC workspace using the VCS workflow
- Ensure that the essential variables are configured:
  - AWS Credentials
  - Prefix, Email, ttl and name
  - `splunk_domain`
- Create an initial plan via the TFC UI
- If all the above is done correctly, you'll have a working Splunk environment at the `splunk_url` output
- There are three main integration points for Splunk Dashboards:
  - HCP Only
  - On-Premises Vault
  - Terraform Cloud
- For a HashiCorp SE, the easiest method is to collect the zipped files and deploy them directly to Splunk. You'll need to collect these from a colleague, and they should not be shared.
- Log in to the Splunk dashboard
- In the left-hand-side navigation, click the cog next to `Apps`
- Click `Install App From File` and upload the zipped file
  - Restart Splunk as part of the process
- Navigate to Terraform Cloud for Splunk App
- Continue to app setup page
- Create a TFC Organization Token and apply it into the setup
- Start using the dashboards, etc
- Log in to the Splunk dashboard
- In the left-hand-side navigation, click the cog next to `Apps`
- Click `Install App From File` and upload the zipped file
  - Restart Splunk as part of the process
- Within the Splunk UI ensure that the collector token is enabled:
  - Settings -> Data Inputs -> HTTP Event Collector -> Global Settings -> All Tokens = Enabled
- Collect the Token Value for `HCP_Vault_Events`
- Open HCP Dashboard and navigate to your Vault cluster and then Metrics
- Configure the Splunk app with your HEC and token from above
  - HEC might look something like `https://splunk.cameron.aws.hashidemos.io:8088`
  - Note: there is no need to use the example from the HCP-V tutorial or from Splunk website!
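A pre-flight check for the HEC URL and token before entering them in HCP, as an added example that is not part of this repository: it posts one test event to Splunk's `/services/collector/event` endpoint and explains the reply code, including the "Token disabled" case that the Global Settings step above prevents. The environment variable names `SPLUNK_HEC_URL` and `SPLUNK_HEC_TOKEN` and the hint wording are assumptions; the test event is written to the token's default index.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# HEC reply codes from Splunk's HTTP Event Collector documentation (subset); hints are ours.
HEC_HINTS = {
    0: "OK: token accepted",
    1: "Token disabled: set All Tokens = Enabled under Global Settings",
    2: "Token is required: Authorization header missing",
    3: "Invalid authorization: header must be 'Splunk <token>'",
    4: "Invalid token: copy the HCP_Vault_Events token value again",
    7: "Incorrect index: token is not allowed to write to that index",
}

def build_request(hec_url, token):
    """Build a one-event POST for an HEC base URL such as https://host:8088."""
    parts = urllib.parse.urlsplit(hec_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("HEC URL must be https://host:port so the token is not sent in clear text")
    endpoint = f"https://{parts.netloc}/services/collector/event"
    body = json.dumps({"event": "HEC preflight test"}).encode()
    return urllib.request.Request(endpoint, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"})

def interpret(status, body):
    """Map an HEC HTTP status and JSON body to (ok, hint)."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        return False, f"HTTP {status}: reply is not HEC JSON, check host and port"
    return code == 0, HEC_HINTS.get(code, f"HTTP {status}: HEC code {code}")

def preflight(hec_url, token):
    """Send the test event; TLS certificate verification stays on (urllib default)."""
    req = build_request(hec_url, token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # HEC reports token errors as 4xx with a JSON body
        return interpret(err.code, err.read())
    except urllib.error.URLError as err:
        return False, f"cannot reach HEC: {err.reason}"

if __name__ == "__main__":
    # Assumed variable names; reading the token from the environment keeps it out of shell history.
    ok, hint = preflight(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"])
    print("PASS" if ok else "FAIL", hint)
```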