Skip to main content

Splunk SignalFx

Splunk SignalFx is a cloud-native monitoring and observability platform that provides real-time metrics, tracing, and alerting capabilities to help DevOps teams monitor application performance and infrastructure health.

Splunk SignalFx icon

Power end-to-end data operations for your Splunk SignalFx API with Nexla. Our bi-directional Splunk SignalFx connector is purpose-built for Splunk SignalFx, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Splunk SignalFx or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Splunk SignalFx workflows fast, secure, and fully governed.

Features

Type: API

SourceDestination

  • Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
  • Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
  • API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
  • Request optimization with intelligent batching, retry, and caching to minimize API calls and costs

Prerequisites

Before creating a Splunk Observability credential, you need to obtain your Organization Access Token and Organization Realm from your Splunk Observability account. Splunk Observability uses token authentication for all API requests, with the token sent in the X-SF-Token header.

To obtain your Splunk Observability credentials, follow these steps:

  1. Sign in to your Splunk Observability account using your administrator credentials.

  2. Navigate to your profile page in the Splunk Observability UI by clicking your profile icon in the top right corner.

  3. Your Organization Realm will be displayed on your profile page. A Observability realm is a self-contained deployment that hosts organizations. Copy the realm name (e.g., us0, us1, eu0).

  4. Navigate to Organization Settings or Access Tokens in your Splunk Observability account.

  5. Look for the Access Tokens section, which lists your Organization Access Tokens.

  6. If you don't have an Organization Access Token yet, click Create Access Token or Generate Token to create a new Organization Access Token.

  7. Configure your Organization Access Token settings:

    • Enter a name for the token (e.g., "Nexla Integration")
    • Review and select the permissions or scopes for the token (if applicable)
  8. Click Create or Generate to create the Organization Access Token.

  9. Copy the Organization Access Token immediately after it's generated, as it may not be accessible again after you navigate away from the page.

  10. Store both credentials securely, as you will need them to configure your Nexla credential. The Organization Access Token and Organization Realm are sensitive information and should be kept confidential.

The Organization Access Token is sent in the X-SF-Token header for all API requests to the Splunk Observability API. The Organization Realm is used to construct the API endpoint URL (e.g., https://api.{realm}.signalfx.com). The token authenticates your requests and grants access to Splunk Observability resources based on your account permissions. If your Organization Access Token is compromised, you should immediately revoke it in your Splunk Observability account settings and generate a new one. For detailed information about obtaining Organization Access Tokens, API authentication, and available endpoints, refer to the Splunk Observability API documentation.

Authenticate

Credentials required

FieldRequiredSecretDescription
Organization RealmYesNoA SignalFx realm is a self-contained deployment that hosts organizations. You can find your realm name on your profile page in the SignalFx UI.
Organization Access TokenYesYesEnter your SignalFx Org Access Token. You can find them listed as Access Tokens in the SignalFx UI.

Create a credential in Nexla

  1. After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Splunk Observability

SplunkObservCred.png
  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

  2. Enter your Organization Realm in the Organization Realm field. This should be your Splunk Observability realm name (e.g., us0, us1, eu0). You can find your realm name on your profile page in the Splunk Observability UI. The realm is used to construct the API endpoint URL (e.g., https://api.{realm}.signalfx.com).

  3. Enter your Organization Access Token in the Organization Access Token field. This is the Organization Access Token you obtained from your Splunk Observability account settings (Organization Settings > Access Tokens). The Organization Access Token is sent in the X-SF-Token header for all API requests to the Splunk Observability API. The Organization Access Token is sensitive information and must be kept confidential.

    Your Splunk Observability credentials can be found in your Splunk Observability account. The Organization Realm can be found on your profile page in the Splunk Observability UI. The Organization Access Token can be found in your Organization Settings > Access Tokens. The Organization Access Token is sent in the X-SF-Token header for all API requests to the Splunk Observability API.

    If your Organization Access Token is compromised, you should immediately revoke it in your Splunk Observability account settings and generate a new one. The Organization Access Token provides access to your Splunk Observability account data and should be treated as sensitive information. Keep your credentials secure and do not share them publicly.

    For detailed information about obtaining Organization Access Tokens, API authentication, realms in endpoints, and available endpoints, see the Splunk Observability API documentation and Realms in Endpoints documentation.

  4. Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.

Use as a data source

To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Splunk Observability connector tile, then select the credential that will be used to connect to your Splunk Observability account, and click Next; or, create a new Splunk Observability credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Splunk Observability endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

Get Events

This endpoint template retrieves a list of events from Splunk Observability Observability Cloud. Use this template when you need to retrieve information about events, including event IDs, timestamps, and other event metadata.

  • Enter the query in the Query field. This should be the search criteria that specifies the events you want the API to return (e.g., is:ok AND sf_notificationWasSent:true). The query determines which events will be retrieved based on the search criteria.

This endpoint returns a list of events from Splunk Observability Observability Cloud that match the specified query criteria. The endpoint uses offset-based pagination with offset parameter to handle large datasets efficiently. Nexla will automatically fetch subsequent pages of data by incrementing the offset parameter.

For detailed information about events, query syntax, API response structures, pagination, and available event data, see the Splunk Observability API documentation.

Retrieve Dashboards

This endpoint template fetches a list of dashboard objects from your Splunk Observability account. Use this template when you need to retrieve information about dashboards, including dashboard IDs, names, and other dashboard metadata. Use the advanced mode for fetching filtered set of dashboards.

  • This endpoint automatically retrieves all dashboards from your Splunk Observability account. The endpoint uses offset-based pagination to handle large datasets efficiently.

This endpoint returns a list of dashboard objects from your Splunk Observability account, including dashboard IDs, names, and other dashboard metadata. The endpoint uses offset-based pagination with offset parameter to handle large datasets efficiently. Nexla will automatically fetch subsequent pages of data by incrementing the offset parameter.

For detailed information about dashboards, API response structures, pagination, query options, and available dashboard data, see the Splunk Observability API documentation.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.

Manual configuration

Splunk Observability data sources can also be manually configured to ingest data from any valid Splunk Observability API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.

Splunk Observability API endpoint URLs must include your realm (e.g., https://api.{realm}.signalfx.com/v2/event/find, https://api.{realm}.signalfx.com/v2/dashboard). For the Response Data Path, use $[*] to extract all items from a response array, $.results[*] to extract items from a results array, or $ for single-record endpoints, depending on your endpoint. Splunk Observability API uses offset-based pagination with an offset parameter for most endpoints.

Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Splunk Observability data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.

Use as a destination

Click the + icon on the Nexset that will be sent to the Splunk Observability destination, and select the Send to Destination option from the menu. Select the Splunk Observability connector from the list of available destination connectors, then select the credential that will be used to connect to your Splunk Observability account, and click Next; or, create a new Splunk Observability credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure destinations to send data to common Splunk Observability endpoints. Select the endpoint to which data will be sent from the Endpoint pulldown menu. Then, click on the template in the list below to expand it, and follow the instructions to configure additional endpoint settings.

Send Datapoints

This endpoint template allows you to send each Nexset record as a data point to Splunk Observability Observability Cloud. Use this template when you need to send metrics or time-series data to Splunk Observability for monitoring and observability.

  • Enter the Ingestion Access Token in the Ingestion Access Token field. This should be the Splunk organization access token that has INGEST permission enabled. The ingestion access token is used to authenticate requests to the Splunk Observability ingestion endpoint and must have INGEST permission enabled.

This endpoint sends each Nexset record as a data point to Splunk Observability Observability Cloud. The endpoint sends data as JSON in the request body to the Splunk Observability ingestion endpoint. Each record from your Nexset will be sent as a separate data point. The request body should contain the metric data in the format required by the Splunk Observability API, including metric names, values, timestamps, and other metric properties.

The ingestion access token must have INGEST permission enabled and is used in the X-SF-Token header to authenticate requests to the Splunk Observability ingestion endpoint. The data point structure must match the Splunk Observability API's expected format.

For detailed information about sending metrics, request body formats, ingestion tokens, and available metric properties, see the Splunk Observability API documentation.

Manual configuration

Splunk Observability destinations can also be manually configured to send data to any valid Splunk Observability API endpoint. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, attribute exclusions, record batching, and response webhooks.

Splunk Observability API typically uses the POST method and expects JSON format for all requests. The destination endpoint URL must include your realm (e.g., https://ingest.{realm}.signalfx.com/v2/datapoint). The request body is typically {message.json} to send the entire Nexset data as JSON, or you can construct a custom JSON structure matching the datapoint, event, or other resource format required by the target endpoint.

Save & activate

Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To send the data to the configured Splunk Observability endpoint, open the destination resource menu, and select Activate.

The Nexset data will not be sent to the Splunk Observability endpoint until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.