Get Splunk Token

How to setup the HTTP Event Collector and acquire the HEC token is described in the official documentation.

Upload Splunk Token to Vault

Create or update the secret in Vault.

You need to be logged in to Vault for the commands to work.

# Adjust to your environment
instance=#INSTANCE_NAME
token=#TOKEN_FROM_SPLUNK
key="clusters/kv/${TENANT_ID}/${CLUSTER_ID}/openshift4-splunk-forwarder/${instance}/splunk"

# Query for existing secrets first
vault kv get "${key}"

# If there are existing secrets, add your instance secrets:
vault kv patch "${key}" token=${token}

# If there is no pre-existing secret, create new:
vault kv put "${key}" token=${token}