# Sending Data to Splunk

## Overview

This topic explains how to use the Insights real-time data export feature to send data to Splunk and use it there.

## Prerequisites

:::note
[Configure real-time data export](https://docs.uipath.com/insights/automation-cloud/latest/user-guide/configure-real-time-data-export#configure-real-time-data-export) before configuring Splunk reporting.
:::

* [Splunk Enterprise version 9.0.0 and higher](https://www.splunk.com/en_us/download/splunk-enterprise.html).
* [Splunk Enterprise deployed inside a Docker container (documentation version 9.0.0)](https://docs.splunk.com/Documentation/Splunk/9.0.0/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers).
* [Splunk Add-on for Microsoft Cloud Services](https://splunkbase.splunk.com/app/3110) to consume data through Event Hubs.

## Configure Splunk integration with Event Hubs

### Configure Splunk Add-on for Microsoft Cloud Services integration with Azure Event Hub

The following table lists the components used for consuming Event Hubs data.

| Component | Description |
| --- | --- |
| **Inputs** | A reader from a data source (e.g., EventHub added by the Microsoft Data Services add-on). |
| **Indexes** | Storage of data from the inputs that can be queried. |
| **Search and Reporting** | Data exploration from ad-hoc queries to persistent dashboards. |

### Create event index

You need to create an event index to integrate with Event Hubs.

[Define a new index in Splunk](https://docs.splunk.com/Documentation/Splunk/9.0.1/Indexer/Setupmultipleindexes)

  ![Screenshot of the New Index page.](https://dev-assets.cms.uipath.com/assets/images/insights/insights-docs-image-158040-fa8fa83a-ef4e317f.webp)

:::note
Consider using default values unless you want specific index settings.
:::

### Set up Azure connection

To authenticate Splunk with Azure, you need to [create an Azure AD application and a service principal](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal).

1. Sign in to `portal.azure.com`.
2. Register an application with Azure AD and create a service principal.
3. [Connect to Splunk Add-on for Microsoft Cloud Services](https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureazureappaccount) using the Client ID / Tenant ID (**Directory (tenant) ID** in Azure). Alternatively, you can use the Client secret.

   ![Screenshot of the Directory (tenant) ID field.](https://dev-assets.cms.uipath.com/assets/images/insights/insights-docs-image-157075-35538b14-3541fd3c.webp)

### Add data through Splunk Web

Define input and ingest data into the index.

[Add data input using Splunk Web](https://docs.splunk.com/Documentation/SplunkCloud/9.0.2208/Data/Configureyourinputs) and configure the following settings:

* **The Azure Event Hub Namespace (FQDN)**
* **The Azure Event Hub Name**
* **The Azure Event Hub Consumer Group**
  :::note
  Use **More options** to set the preferred index defined in [Create event index](https://docs.uipath.com/insights/automation-cloud/latest/user-guide/splunk#create-event-index).
  :::

  ![Screenshot of the Azure Event Hub Consumer Group page.](https://dev-assets.cms.uipath.com/assets/images/insights/insights-docs-image-157628-f4add597-8045c274.webp)
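
The index, account, and input settings from the steps above, written as the equivalent Splunk configuration files. This is an added example, not taken from the UiPath or Splunk documentation: the index name, account name, input name, and angle-bracket values are placeholders, and the stanza and key names are assumptions to verify against the `inputs.conf.spec` shipped with the installed add-on.

```ini
# Added example: file-based equivalent of the Splunk Web steps on this page.
# Index name, account name, input name and <...> values are placeholders;
# stanza and key names are assumptions to verify against the add-on's
# inputs.conf.spec before use.

# --- indexes.conf: the event index from "Create event index" ---
[uipath_insights]
homePath   = $SPLUNK_DB/uipath_insights/db
coldPath   = $SPLUNK_DB/uipath_insights/colddb
thawedPath = $SPLUNK_DB/uipath_insights/thaweddb

# --- inputs.conf: Splunk Add-on for Microsoft Cloud Services ---
[mscs_azure_event_hub://uipath_insights_export]
# Name given to the Azure app account in "Set up Azure connection"
account = uipath_azure_app
# The Azure Event Hub Namespace (FQDN)
event_hub_namespace = <your-namespace>.servicebus.windows.net
# The Azure Event Hub Name
event_hub_name = <your-event-hub-name>
# The Azure Event Hub Consumer Group
consumer_group = <your-consumer-group>
# "More options": send events to the index defined above
index = uipath_insights
sourcetype = mscs:azure:eventhub
```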

## Explore data

To explore the dataset, you can start by [sampling available data](https://docs.splunk.com/Documentation/SplunkCloud/latest/Knowledge/Exploreadataset#Open_the_Explorer_view_for_a_dataset).

Refine the data by filtering and grouping (for example, to see a recent count of events for jobs).
