HCP Vault Monitoring

Configure HCP Vault Metrics Streaming to Splunk

  • 2min

  • HCP
  • Vault

This tutorial covers configuration of HCP Vault metrics streaming to and data visualization in your existing Splunk environment. For details on metrics scope and interpretation, see the HCP Vault Metrics Guidance.

Availability: HCP Vault metrics streaming is available for all production grade clusters. The feature is not available for Development tier clusters.

Prerequisites

To configure metrics streaming to Splunk, you will need to have:

  • Have access to a paid Splunk Cloud or Enterprise account.

    Note: Splunk Cloud Trial account would not work with HCP Vault as its HEC (HTTP Event Collector ) listener is hosted using a self signed certificate that HCP won't trust.

  • Your Splunk HEC and token.

    Note: HEC endpoint should be created using events and not metrics index in Splunk.

  • An account with Admin or Contributor role assigned in HCP

  • A production grade HCP Vault cluster

If you don't have a cluster running, refer to the Create a Vault Cluster on HCP tutorial to create an HCP Vault cluster through HCP Portal. Or, refer to the Deploy HCP Vault with Terraform tutorial to provision an HCP Vault cluster using Terraform.

Enable metrics streaming

  1. From the HCP Vault cluster Overview page, select the Metrics view. HCP Vault Portal

  2. If you have not configured metrics streaming before, click Enable streaming.

  3. From the Stream Vault metrics view, select Splunk as the provider.

  4. Under Splunk Configuration, enter your HTTP Event Collector (HEC) Endpoint URL and event collector Token. Select Provider

  5. Click Save.

    NOTE: At this time, HCP Vault only supports streaming audit logs and metrics to only one SIEM platform respectively at any given time.

  6. HashiCorp has created a sample HCP Vault Splunk dashboard template for metrics visualizations. Splunk dashboard templates are distributed as Splunk apps. If you prefer to use the sample dashboard template, follow the Splunk instructions for adding a Splunk app to your Splunk Enterprise or Cloud environment. Sample Splunk Dashboard

Edit the metrics streaming configuration

To edit a metrics streaming integration, perform the following steps.

  1. From the Metrics page, click on the Manage drop-down, then Edit configuration.

  2. Edit the configuration, then click Save.

Disable metrics streaming

To disable a metrics streaming integration, from the Metrics page, click on the Manage drop-down, then Disable streaming.

Previous
Next