If you have installed the Splunk integration, you can configure the Streaming Add-On, which enables you to use the streammoog command to send results from the Splunk search pipeline as alerts to Moogsoft AIOps.

The Splunk Streaming Add-On is compatible with distributed deployments. If you are installing the Add-On in a distributed deployment, you only need to do so on the search head.

## Before You Begin

The Streaming Add-On has been validated with Splunk v7.2 and v7.3. Before you start to set up your integration, ensure you have met the following requirements:

• You have an active Splunk account.

• You have installed the Splunk integration in Moogsoft AIOps.

• You have the permissions required to run the streammoog command in Splunk.

• Splunk can make requests to external endpoints over port 443.

## Configure the Splunk Streaming Add-On Integration

To configure the Streaming Add-On integration:

1. Navigate to the Integrations tab.

2. Click Splunk Streaming Add-On in the Monitoring section.

3. Provide a unique integration name. You can use the default name or customize the name according to your needs.

## Configure the Splunk Streaming Add-On

Log in to Splunk and install the Streaming Add-On to allow search results to be streamed from Splunk to Moogsoft AIOps.

1. Install the Streaming Add-On from Apps in the console or from Splunkbase, the Splunk marketplace.

If you are using on-premises versions of Splunk and Moogsoft AIOps, copy the server.pem file to <splunk_home>/etc/apps/TA-Moogsoft-Streaming/bin/.

### Note

You can also store or copy a Moogsoft AIOps certificate in <splunk_home>/etc/apps/TA-Moogsoft-Streaming/local.

To do this, set the 'Moogsoft Certificate Path' field to the relative path '../local/server.pem'.

2. Configure the Streaming Add-On to enable search results to be streamed as follows:

| Field | Value |
| --- | --- |
| Moogsoft Integration URL | <url of the integration>. For example: https://<localhost>/events/splunk_lam_splunk1 |
| | Select a default severity to assign. Clear, Info, Minor, Major, Critical. |
| Moogsoft Certificate Path | Enter your certificate location if using an on-premises version of Moogsoft AIOps and Splunk. Otherwise leave empty. |
| Max Batch Size (KB) | Enter the maximum batch size of result sets to send to Moogsoft AIOps. The batch size cannot be smaller than 1024 kilobytes; there is no upper limit. |

3. Save the changes.

After you complete the configuration, you can use the streammoog command in the Splunk search pipeline to send search results as alerts to Moogsoft AIOps. For more information on using the streammoog command, see the Splunk documentation.
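The field constraints in the configuration steps above can be checked before saving. The following pre-flight script is an added example, not part of the Add-On or of Moogsoft's own code; the `preflight` function, the host name `moogsoft.example` and the `/opt/splunk` path are hypothetical, and it assumes a relative certificate path is resolved from the Add-On's bin/ directory.

```python
import re
import ssl
from pathlib import Path
from urllib.parse import urlsplit

APP_DIR = Path("etc/apps/TA-Moogsoft-Streaming")  # under <splunk_home>
MIN_BATCH_KB = 1024  # lower bound stated for Max Batch Size (KB)
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def preflight(splunk_home, url, cert_path="", batch_kb=MIN_BATCH_KB):
    """Return a list of problems with the add-on settings (empty means OK)."""
    problems = []
    parts = urlsplit(url)
    try:
        port = parts.port or 443
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if parts.scheme != "https" or not parts.hostname:
        problems.append("integration URL must be https:// with a host")
    elif port != 443:
        problems.append("integration URL does not use port 443")
    if batch_kb < MIN_BATCH_KB:
        problems.append("max batch size is below 1024 KB")
    if not cert_path:  # left empty when not on-premises
        return problems
    app = (Path(splunk_home) / APP_DIR).resolve()
    # Assumption: a relative certificate path is resolved from bin/.
    pem = (app / "bin" / cert_path).resolve()
    if app not in pem.parents:
        problems.append("certificate path resolves outside the add-on directory")
    elif not pem.is_file():
        problems.append(f"certificate not found: {pem}")
    else:
        block = PEM_BLOCK.search(pem.read_text(errors="replace"))
        try:
            # Checks PEM framing and base64 only, not the X.509 contents.
            ssl.PEM_cert_to_DER_cert(block.group(0) if block else "")
        except ValueError:
            problems.append("file holds no PEM certificate block")
        if pem.stat().st_mode & 0o002:
            problems.append("certificate file is world-writable")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the host name is a placeholder.
    for line in preflight("/opt/splunk", "https://moogsoft.example/events/splunk_lam_splunk1",
                          "../local/server.pem", 1024):
        print("FAIL:", line)
```

An empty result means the URL, batch size and certificate location are consistent with the requirements listed on this page; it does not confirm that the certificate is the one the Moogsoft AIOps endpoint presents.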