First, configure Lumeta to export notifications to a Splunk server.
On your Lumeta Command Center, browse to Settings > Spectre Systems.
NOTE: "Lumeta" was previously known as "Spectre."
In the CEF Notifications pane, on the Configuration tab, supply the host name or IP address of your Splunk server, the number of the port you want to communicate over (e.g., 9997), and the protocol (e.g., TCP).
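To confirm that the export configured above delivers well-formed records, a line captured on the receiving port can be checked with a small CEF parser. This is an added example, not part of the Lumeta or Splunk documentation; the sample record, its syslog prefix and the function names are constructed assumptions, and the header layout follows the published CEF format.

```python
import re

# Header field names from the CEF standard, in order.
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# Constructed sample record (not real Lumeta output); the syslog prefix is an assumption.
SAMPLE = (r"<134>Jan 01 00:00:00 host CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"New device \| zone A|5|src=10.0.0.5 msg=New device found cs1=a\=b")

def _unescape(value, chars):
    """Remove the backslash in front of any character listed in chars."""
    return re.sub(r"\\([%s])" % re.escape(chars), r"\1", value)

def _split_header(payload):
    """Split on the first 7 unescaped pipes; return (fields, extension text)."""
    parts, cur, i = [], [], 0
    while i < len(payload) and len(parts) < 7:
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):
            cur.append(payload[i:i + 2])   # keep the escaped pair intact
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return parts, payload[i:]

def parse_cef(line):
    """Return (header dict, extension dict) for one record; ValueError if malformed."""
    start = line.find("CEF:")              # skip any syslog prefix
    if start < 0:
        raise ValueError("no CEF: marker found")
    parts, ext_text = _split_header(line[start + 4:].rstrip("\r\n"))
    if len(parts) != 7:
        raise ValueError("truncated header: %d of 7 fields" % len(parts))
    header = {k: _unescape(v, "|\\") for k, v in zip(HEADER_FIELDS, parts)}
    # Extension values may contain spaces, so a value ends where the next " key=" starts.
    pairs = re.finditer(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", ext_text)
    return header, {m.group(1): _unescape(m.group(2), "=\\") for m in pairs}

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A record that raises ValueError here points to a wrong protocol or port setting, or to truncation in transit, rather than to a Splunk parsing problem.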
Create an API Key
You will need an API key later, when configuring Lumeta input on your Splunk server. Generate one using this procedure.
To generate the API key:
- On your Lumeta Command Center, browse to Settings > Users.
- Select a username row and click Edit.
- On the API Key dropdown, select the Copy option.
The API key is copied to the clipboard.
- Paste the API key into a Notepad file for later use.
The next step is performed on your Splunk server.