Edit

Share via


Set up a Splunk Connector

Integrating Splunk with Edge for Business enables organizations to better collect, analyze, and extract insights from security events. Send browser events directly to Splunk for more visibility across managed browsers to make better-informed security decisions. 

Set up an HTTP Event Collector

Follow the steps here to set up an HTTP event collector in Splunk.

Configure the Connector in the Edge Management Service

  1. Navigate to Microsoft Admin Center.

  2. Under Discover Connectors, find the Splunk Reporting Connector and select Set up.

  3. In the Choose policy field, select a policy for your Connector configuration.

  4. Enter the following fields:

    • Host address
    • Port
    • Token ID

    Note: Only enter your domain name, not the full path to your Splunk HEC. Adding the full path results in an error because the services/collector/event portion is appended programmatically.

  5. Select Test Connection to confirm the Connection is successful.

  6. Under User & Browser events, select the desired browser events to be sent to the Splunk endpoint.

  7. Select the desired Optional events and Devices events.

  8. Select Save configuration.

See the Events in Splunk

Once you have set up the HTTP event collector and have configured the connector in the Microsoft Edge Management Service, you'll start to see the events show up in Splunk.