[Observability] Publish Pipeline Events to Splunk HEC

Howdy, gang! :rocket:

Introduction

Let’s use this very nice documentation to send Harness Pipeline outputs to Splunk:

TIP: The name of the Feature Flag you must ask us to enable is APP_TELEMETRY


I’m a big fan of Splunk, but you may expect the same tutorial for ELK soon.

Buckle up! :rocket:

Scenario Description

In this brief tutorial, we’ll take advantage of Splunk HEC to integrate with Harness.
If you are not familiar with Splunk’s HTTP Event Collector, you can check their documentation on the topic here:
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Data/UsetheHTTPEventCollector

Tutorial

First Step

You just need to create the Splunk HEC input, paying attention to the settings that fit your scenario.
In my case, I have:

  • HTTP and NOT HTTPS (because this is a quick lab);
  • I don’t need indexer acknowledgment;
  • I needed to enable the tokens in the HEC UI.

So, this is my Splunk HEC:

And this is the Global Settings screen:

Second Step

Alright, time to enable the integration!

After you enable the Feature Flag, you can go to the Application for which you want to enable telemetry.
You will spot a new option at the bottom, called Event Rules.

And this is what I’ll use, to fit my case:
Currently, the Token cannot be stored as a Secret, since this feature is not GA yet.

Third Step

I’ll just click on the Test button and then I’ll check it out in my Splunk Search Head.

Last Step:

Sweet. Time to run a Pipeline:

And it works!!!

Further reading:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Data/UsetheHTTPEventCollector

Tags:

<cloud: aws, gcp, azure>
<function: ci,cd, cv, observability, telemetry>
<role: swdev,devops,secops,itexec>
<type: howto, experts>
<category: splunk, observability, verification>
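
As a companion to the Third Step, here is an added example (not part of the original post and not Harness or Splunk code) that checks a HEC endpoint outside the Harness UI: it flags a plain-HTTP URL like the lab setup above, builds the `Authorization: Splunk <token>` request that HEC expects, and interprets the JSON reply. The hostname, the default HEC port 8088, the placeholder token and the `harness:pipeline` sourcetype are assumptions made for the example.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed lab values (assumptions, not from the original post).
HEC_URL = "http://splunk.lab.example:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real token


def review_endpoint(url):
    """Return the warnings a reviewer would raise about a HEC endpoint URL."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme != "https":
        warnings.append(f"token and events cross the network in cleartext ({parts.scheme})")
    if not parts.path.startswith("/services/collector"):
        warnings.append("path is not a HEC collector endpoint")
    return warnings


def build_request(url, token, event, sourcetype="harness:pipeline"):
    """Build the HEC POST; the sourcetype default is hypothetical, chosen for this example."""
    body = json.dumps({"event": event, "sourcetype": sourcetype}).encode()
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def hec_accepted(response_body):
    """HEC replies {"text": "Success", "code": 0} when it accepts the event."""
    try:
        return json.loads(response_body).get("code") == 0
    except (ValueError, AttributeError):
        return False  # not JSON, or JSON that is not an object


def send_test_event(url=HEC_URL, token=HEC_TOKEN):
    """Send one constructed event to your own lab and report whether HEC took it."""
    req = build_request(url, token, {"message": "HEC smoke test"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return hec_accepted(resp.read())
    except urllib.error.HTTPError as err:  # e.g. a rejected or disabled token
        return hec_accepted(err.read())


if __name__ == "__main__":
    print("warnings:", review_endpoint(HEC_URL))
    print("accepted:", send_test_event())
```

Run it against your own HEC input after replacing the constructed URL and token; an empty warnings list and `accepted: True` mean the endpoint is reachable over HTTPS and the token is enabled.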
