Tutorial: [Observability] Publish Pipeline Events to Splunk HEC
In this brief tutorial, we’ll take advantage of Splunk HEC to integrate with Harness.

Let’s use this very nice documentation to send Harness Pipeline outputs to Splunk.
TIP: The name of the Feature Flag you must ask us to enable is APP_TELEMETRY.
I’m a big fan of Splunk, but you may expect the same tutorial for ELK soon.
Buckle up!
Scenario Description - Using Splunk HEC with Harness
If you are not familiar with Splunk’s HTTP Event Collector (HEC), you can check Splunk’s documentation on the topic.
Tutorial - Publishing Pipeline Events to Splunk HEC
First Step
You need to create the Splunk HEC. Please pay attention to your scenario. In my case, I have:
- HTTP and NOT HTTPS (because this is a quick lab);
- I don’t need indexer acknowledgment;
- I needed to enable the tokens in the HEC UI.
So, this is my Splunk HEC:
And this is the Global Settings screen:
Second Step
Time to enable the integration!
After you enable the Feature Flag, go to the Application for which you want to enable telemetry. You will spot a new option at the bottom called Event Rules.
This is what I’ll use to fit my use case:
Note: We cannot store the Token as a Secret yet, since this feature is not GA - keep your eyes peeled!
Third Step
I’ll click on the Test button and then I’ll check it out in my Splunk Search Head.
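To check the HEC endpoint and token independently of the Test button, the same kind of request can be built by hand. This is an added example, not part of the original tutorial or Harness's own code; it refuses plain HTTP unless lab mode is requested explicitly, as in the lab setup from the First Step. Assumptions: Splunk's default HEC port 8088 and its `/services/collector/event` endpoint, while the host name, the `harness:pipeline` sourcetype, the environment variable names and the event fields are constructed placeholders.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

HEC_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint


def build_hec_request(base_url, token, event, sourcetype="harness:pipeline",
                      allow_plain_http=False):
    """Build (not send) a POST carrying one event to Splunk HEC.

    The sourcetype default is a hypothetical name chosen for this example.
    """
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("base_url must look like https://host:8088")
    # Over plain HTTP the token crosses the network in clear text,
    # so lab setups have to opt in explicitly.
    if parts.scheme == "http" and not allow_plain_http:
        raise ValueError("refusing to send HEC token over plain HTTP")
    if not token:
        raise ValueError("empty HEC token")
    body = json.dumps({"event": event, "sourcetype": sourcetype}).encode()
    return urllib.request.Request(
        f"{parts.scheme}://{parts.netloc}{HEC_PATH}",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Splunk {token}",  # HEC token auth scheme
            "Content-Type": "application/json",
        },
    )


def send(request, timeout=5):
    """Send the request; HEC answers {"text": "Success", "code": 0} on success."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Constructed sample event; the real Harness payload is not reproduced here.
    sample = {"pipeline": "demo-pipeline", "status": "SUCCESS"}
    url = os.environ.get("HEC_URL", "https://splunk.example.internal:8088")
    # The token comes from the environment so it never lives in the script.
    print(send(build_hec_request(url, os.environ["HEC_TOKEN"], sample)))
```

For a lab instance like the one in this tutorial, pass `allow_plain_http=True` together with an `http://` URL.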


Last Step
Time to run a Pipeline:

And it works!
![Tutorial: [Observability] Publish Pipeline Events to Splunk HEC](https://assets-global.website-files.com/622642781cd7e96ac1f66807/62314ce542bf143995c7a27a_254766f073bd178db995cbc8f8fb9bb2c6fa8680_2_664x500.png)
This was a very quick tutorial! But like I said, I may create one for ELK as well, so keep checking back for updates!
Any questions or comments? Let me know - I'm always happy to help.
Gabriel