Close popover

Table of Contents

Streaming Pega logs to Splunk

Pega Cloud® Services offers add-on Pega Platform™ log streaming. By integrating an existing Splunk service with Pega Cloud Services, you can customize your Pega Platform application monitoring and more efficiently manage your Pega Platform logs. Log streaming gives you continual access to the Pega Platform logs in any of your Pega Cloud environments.

To implement this Splunk integration, you must make a request by selecting New request in My Support Portal and include your Splunk information in the request. For the latest documentation on making requests, see My Support Portal: New Design, Streamlined Features.

Requirements and limitations

The current integration of Splunk with Pega Cloud Services requires a public connection over the internet. Pega Cloud Services does not support Splunk integration through a VPN at this time.

Streaming Pega Platform logs to a Splunk service requires that an administrator for your Pega Cloud account makes a request that includes your Splunk authentication details that Pega Cloud Services will use to configure your Splunk connection.

To obtain these details, enable the HTTP Event Collector (HEC) for your organization’s Splunk account. Enabling HEC requires a Splunk administrator role.

Provide the following details to Pega Support :

  • SPLUNK_HEC_URL: The URL address for your Splunk HEC endpoint. Include input- before the URL. For example:

    <input-splunkdomain:port>/services/collector

  • SPLUNK_HEC_TOKEN: The authentication token to permit Pega Cloud Services access to Splunk for log streaming.
Gathering the required Splunk authentication information to include in your Pega Cloud Service Request

When creating your Splunk HEC token, perform the following tasks from the Splunk application:

  • Enable Secure Socket Layer (SSL) during the token creation.
  • Disable the Indexer Acknowledgement.
  • Optional: Edit the SPLUNK_HEC_URL port number during the token creation.
  • Copy the SPLUNK_HEC_TOKEN into a text file.
  • Copy the SPLUNK_HEC_URL into the same text file.

    Include input- before the URL.

    The procedure for enabling HEC for your Splunk account varies by the version of Splunk that you are using. See the Splunk documentation for more information.

Authenticating connectivity to Splunk

In order to authenticate Splunk connectivity from your machine, you must perform an SSL connection to Splunk with the process described below.

  1. From the command prompt, enter the following cURL command:

    curl -k <SPLUNK_HEC_URL> -H "Authorization: Splunk <SPLUNK_HEC_TOKEN>" -d '{“event": “Pega Splunk Test“}' -v

  2. Confirm the success or failure of the Splunk connection. If you connected to Splunk successfully, the cURL command returns the following JSON string:

    {"text":"Success","code":0}

Requesting the log streaming service

After you have your Splunk authentication information and have authenticated connectivity to Splunk, make a request that include a securely-encrypted archive of the Splunk authentication information that Pega Cloud Services will use to configure your Splunk connection.

Transferring secure file by Box
  1. Log in to your My Support Portal account.
  2. Select New request in My Support Portal.
  3. In the service request, request a file transfer using Box.

    The Pega Support team sends you a Box link.

  4. Upload the text file that contains the SPLUNK_HEC_TOKEN and SPLUNK_HEC_URL to the Box folder.
Archiving text file with password
  1. Log in to your My Support Portal account.
  2. Select New request in My Support Portal.
  3. Add the text file that contains the SPLUNK_HEC_TOKEN and SPLUNK_HEC_URL to a compressed archive that is password protected.
  4. Send the archive file with your service request.
  5. Contact the Pega Support team by email or call and tell them the password.
Allowing Pegasystems Inc. to download the file from your personal SFTP server
  1. Log in to your My Support Portal account.
  2. Select New request in My Support Portal.
  3. Upload the text file that contains the SPLUNK_HEC_TOKEN and SPLUNK_HEC_URL to your personal Secure File Transfer Protocol (SFTP) server. For more information about SFTP, see Pega Cloud SFTP service.
  4. Contact the Pega Support support team by email or by calling and give them the credentials for the SFTP server.
After the Pega Cloud Services team receives your request and authentication details file, Pega Cloud Services authenticates Splunk connectivity from your Pega Cloud Services environment.

After authenticating connectivity, the Pega Cloud Services team completes the add-on integration with Splunk and notifies you that your environment has been updated.

Confirming that the log streaming service is active

After you receive confirmation from the Pega Cloud Services team that the Splunk service integration is complete, your Pega Platform logs are searchable in the Splunk GUI. For example, PegaCLUSTER and PegaRULESV1.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.