Splunk is one of the most popular data platforms for searching, analyzing, visualizing and acting on your data.
env zero has the ability to send all of your deployment logs and audit logs directly to your Splunk account.

Setup

Here are the steps to configure it:
  1. The integration with Splunk uses the HTTP Event Collector, so you will need to set it up in your Splunk instance:
  1. While creating a new HTTP Event Collector you will also create a token. Make sure the token has access to the index you would like to use. You will need this token to configure the integration inside the env zero platform.
  2. By default, env zero uses an index called env0-deployment-logs-index for deployment logs and an index called env0-audit-logs-index for audit logs.
    To create an index for audit logs follow this guide. The deployment logs’ index name can be overridden. Either create the env0-deployment-logs-index index, or use an existing index.
  3. By default, env zero will use sourcetype: env0-sourcetype, source: env0-deployment-logs-source for deployment logs and source: env0-audit-logs-source for audit logs. This cannot be overridden.
  4. There are two ways to configure the integrations:
    1. In the env zero app

      In the organization’s integrations page, click on Splunk and fill the form’s fields:
      [Image: Splunk integration configuration form showing fields for Splunk setup in env0 organization]
    2. Using environment variables

      In the env zero platform you will need to configure the following environment variables in any scope you would like to have them:
      | Environment variable name | Description | Mandatory |
      | --- | --- | --- |
      | ENV0_SPLUNK_URL | The URL of your Splunk instance in the following format: <protocol>://<instance url/ip>:<port>. For example: https://example.splunkcloud.com:8088 | Yes |
      | ENV0_SPLUNK_TOKEN | The HTTP Event Collector token value. This is usually a GUID format token. For example: a90c7a14-8aac-4523-bbbb-dea20352aa4d | Yes |
      | ENV0_SPLUNK_INDEX | The index you would like env zero to push the data to. | No - Default: env0-deployment-logs-index |

      *These environment variables can only override deployment logs forwarding configuration.
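
A preflight check for the environment-variable option above, as an added example that is not env zero's or Splunk's own code: it validates the ENV0_SPLUNK_* values against the format in the table, then posts one test event to Splunk's standard HEC endpoint (/services/collector/event) with the default index, sourcetype and source named on this page. The function names and the test event text are hypothetical, and that env zero posts to this same endpoint is an assumption.

```python
import json, os, re, urllib.error, urllib.parse, urllib.request

DEFAULT_INDEX = "env0-deployment-logs-index"  # defaults as stated on this page
SOURCETYPE, SOURCE = "env0-sourcetype", "env0-deployment-logs-source"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Splunk HEC reply codes that point at a token or index problem
HEC_HINTS = {0: "ok", 1: "token disabled", 4: "invalid token", 7: "incorrect index"}

def check_settings(env):
    """Validate the ENV0_SPLUNK_* values; returns (errors, warnings)."""
    errors, warnings = [], []
    url = urllib.parse.urlsplit(env.get("ENV0_SPLUNK_URL", ""))
    try:
        has_port = url.port is not None
    except ValueError:  # non-numeric or out-of-range port
        has_port = False
    if url.scheme not in ("http", "https") or not url.hostname or not has_port:
        errors.append("ENV0_SPLUNK_URL must be <protocol>://<host>:<port>")
    elif url.scheme == "http":
        warnings.append("http:// exposes the HEC token in transit; use https://")
    token = env.get("ENV0_SPLUNK_TOKEN", "")
    if not token:
        errors.append("ENV0_SPLUNK_TOKEN is mandatory")
    elif not GUID.fullmatch(token):
        warnings.append("ENV0_SPLUNK_TOKEN is not in the usual GUID format")
    return errors, warnings

def build_test_event(env):
    """Build (not send) one HEC event carrying the metadata named on this page."""
    body = {"event": "env0 HEC preflight", "sourcetype": SOURCETYPE,
            "source": SOURCE, "index": env.get("ENV0_SPLUNK_INDEX") or DEFAULT_INDEX}
    return urllib.request.Request(
        env["ENV0_SPLUNK_URL"].rstrip("/") + "/services/collector/event",
        data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Splunk " + env["ENV0_SPLUNK_TOKEN"]})

def explain(reply_body):
    """Map a HEC JSON reply to a short hint; the token is never echoed."""
    code = json.loads(reply_body).get("code")
    return HEC_HINTS.get(code, f"HEC code {code}")

if __name__ == "__main__":
    errors, warnings = check_settings(os.environ)
    print("errors:", errors, "warnings:", warnings)
    if not errors:
        try:
            with urllib.request.urlopen(build_test_event(os.environ), timeout=10) as r:
                print(explain(r.read()))
        except urllib.error.URLError as e:  # HTTPError (4xx/5xx) carries HEC JSON
            print(explain(e.read()) if hasattr(e, "read") else f"failed: {e.reason}")
```

A reply of "incorrect index" means the token was accepted but cannot write to the chosen index, which is the token-to-index access requirement from the HTTP Event Collector step.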