Merged
Expand Up @@ -21,7 +21,7 @@ The [HTTP Event Collector (HEC)](https://dev.splunk.com/enterprise/docs/devtools
5. Enter or select the following destination information:
- **Splunk HEC URL**
- **Channel ID** - This is a random GUID that you can generate using [guidgenerator.com](https://guidgenerator.com/).
- **Auth Token** - Event Collector token.
- **Auth Token** - Event Collector token prefixed with the word `Splunk`. For example: `Splunk 1234EXAMPLEKEY`.
- **Source Type** - For example, `cloudflare:json`. If you are using the [Cloudflare App for Splunk](https://splunkbase.splunk.com/app/4501), refer to the appropriate source type for the corresponding datasets under the **Details** section. For instance, for Zero Trust Access requests logs, the source type is `cloudflare:access`.
- **Use insecure skip verify option** (not recommended).
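
Review bot: The new **Auth Token** bullet gives the value with a literal space (`Splunk 1234EXAMPLEKEY`), while the API section of the same page describes the same token as URL-encoded, so state here which form the dashboard field expects. Without that, a reader who has followed the API instructions may paste an encoded value and end up with an Authorization header that HEC rejects. The unchanged **Use insecure skip verify option** bullet would also benefit from a pointer to the `<INSECURE_SKIP_VERIFY>` explanation further down, since "(not recommended)" alone does not say that it disables certificate verification for the HEC endpoint.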

Expand Down Expand Up @@ -69,12 +69,12 @@ To create a job, make a `POST` request to the Logpush jobs endpoint with the fol
- Using the command line. For example: `python -c 'import uuid; print(uuid.uuid4())'`.
- **\<INSECURE_SKIP_VERIFY>**: Boolean value. Cloudflare recommends setting this value to `false`. Setting this value to `true` is equivalent to using the `-k` option with `curl` as shown in Splunk examples and is **not** recommended. Only set this value to `true` when HEC uses a self-signed certificate.

:::note
Cloudflare highly recommends setting this value to <code class="InlineCode">false</code>. Refer to the [Logpush FAQ](/logs/faq/logpush/) for more information.
:::
:::note
Cloudflare highly recommends setting this value to `false`. Refer to the [Logpush FAQ](/logs/faq/logpush/) for more information.
:::

- `<SOURCE_TYPE>`: The Splunk source type. For example: `cloudflare:json`.
- `<SPLUNK_AUTH_TOKEN>`: The Splunk authorization token that is URL-encoded. For example: `Splunk%20e6d94e8c-5792-4ad1-be3c-29bcaee0197d`.
- **\<SOURCE_TYPE>**: The Splunk source type. For example: `cloudflare:json`.
- **\<SPLUNK_AUTH_TOKEN>**: The Splunk authorization token that is URL-encoded and must be prefixed with the word `Splunk`. For example: `Splunk e6d94e8c-5792-4ad1-be3c-29bcaee0197d`.

```bash
"splunk://<SPLUNK_ENDPOINT_URL>?channel=<SPLUNK_CHANNEL_ID>&insecure-skip-verify=<INSECURE_SKIP_VERIFY>&sourcetype=<SOURCE_TYPE>&header_Authorization=<SPLUNK_AUTH_TOKEN>"
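
Review bot: The new `<SPLUNK_AUTH_TOKEN>` bullet says the token "is URL-encoded" but its example now contains a literal space (`Splunk e6d94e8c-...`) where the replaced line had `Splunk%20e6d94e8c-...`, so the text and the example contradict each other. The value is substituted into a query-string parameter (`header_Authorization=<SPLUNK_AUTH_TOKEN>`), so either keep the `%20` form in the example or drop "URL-encoded" and say where the encoding happens. The example token is also GUID-shaped and reads like a real credential; an obvious placeholder such as the `1234EXAMPLEKEY` used in the dashboard steps would be safer and consistent with the rest of the page.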