Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Integrating Splunk with Edge for Business enables organizations to better collect, analyze, and extract insights from security events. Send browser events directly to Splunk for more visibility across managed browsers to make better-informed security decisions.
Set up an HTTP Event Collector
Follow the steps here to set up an HTTP event collector in Splunk.
Configure the Connector in the Edge Management Service
Navigate to Microsoft Admin Center.
- Admins must set up a configuration policy to assign to any Connector configuration. Follow this guide to create a configuration policy.
- Once you have at least one configuration policy created, visit the Connectors page in the Edge Management Service to access the Connectors page in the Edge Management Service.
Under Discover Connectors, find the Splunk Reporting Connector and select Set up.
In the Choose policy field, select a policy for your Connector configuration.
Enter the following fields:
- Host address
- Port
- Token ID
Note: Only enter your domain name, not the full path to your Splunk HEC. Adding the full path results in an error because the
services/collector/event
portion is appended programmatically.Select Test Connection to confirm the Connection is successful.
Under User & Browser events, select the desired browser events to be sent to the Splunk endpoint.
Select the desired Optional events and Devices events.
Select Save configuration.
See the Events in Splunk
Once you have set up the HTTP event collector and have configured the connector in the Microsoft Edge Management Service, you'll start to see the events show up in Splunk.