Push Help Center
Ready to help
Help for administrators
Help for admins
Help for employees
Help for employees
Help for administrators
Documentation for administrators
1
Getting started
2
Administering Push
3
Add employees
4
Install the browser extension
5
Manage security controls
6
Manage SaaS accounts and apps
7
Connect to SIEM or SOAR
Ingesting events using Azure Monitor and Microsoft Sentinel
Ingesting events using Panther
Ingesting events using Datadog
Ingesting events using Cribl Cloud
Ingesting events using Splunk Cloud
Ingesting events using Tines
Send webhook events to Slack

Ingesting events using Splunk Cloud

In this section:

Configure Splunk Cloud to allow for ingesting Push webhook logs.

Configure the log source in Splunk Cloud

To use the HTTP Event Collector (HEC), you must configure at least one token. Splunk Cloud distributes the token across the deployment. Note that the token will not ready for use until distribution is complete.

In the Splunk Cloud console, go to Settings > Data inputs.

Splunk SIEM setup - data inputs

Choose HTTP Event Collector.

Splunk SIEM setup - event collector

Select New Token in the top right and configure the token for your environment.

Splunk SIEM setup - new token

Then go back to the Data inputs page and copy the Token Value.

Splunk SIEM setup - token value

Configure the integration in Push

In the Push admin console, go to Settings > Integrations and select the Splunk Cloud tile.

Input the Token Value and your Splunk Cloud HTTP Event Collector URL.

Your URL should be similar to https://your-instance.splunkcloud.com:443/services/collector/event

Splunk SIEM setup - tile config

When you've entered those values, click Connect.

Need more help?
Questions, feedback, tech support, sales support - anything you need.
We’ll get back to you within a day.