Hello, I know there are a few questions on there on this already, I have taken all the advice I can find from forums and documentation. I will try to provide lots of detail.
I am trying to get Jenkins to send all logs to Splunk, I am trying to go straight to our Splunk Cloud instance (I could go to the HF first if that would make sense). Currently none of the Jenkins dashboards on the Splunk app are populating.
Using the Jenkins Splunk Plugin (latest version) with no customization, I do get a successful connection test entering just the required parameters which I can see in Splunk search from the new HEC input I configured.
5/7/19 12:27:04.625 PM
ping from jenkins plugin
raw event ping
host = xxxxxx source = http:jenkins sourcetype = httpevent
From research I found that with the latest version of the Splunk Plugin on the Jenkins side that you do not need to customize any of the events or metadata and then everything will be sent.
Here are some other things I could not find documented anywhere:
- What are the indexes supposed to be on the HEC Input config? I originally had just main but then added all the Jenkins related ones, not sure how that is supposed to work.
Note: I just noticed I also need to use this since we have Pipeline jobs:
https://wiki.jenkins.io/display/JENKINS/Splunk+Plugin+for+Pipeline+Job+Support
I need to have someone else install that and I will update this ticket when I get to try the addiontal plugin. I will note that for some reason the Connection Test is no longer working, the only change was Splunk Support making the HEC public facing.