Document toolboxDocument toolbox

Create Splunk Indexes for SAP data

Owned by Warwick Chai
Last updated: Dec 18, 2024 by Seth Marek
2 min read

PowerConnect requires a dedicated event index for data delivered by connected SAP systems.

NOTE FOR VERSION 8.3.0: Certain SAP Cloud data now makes use of metrics sent directly to Splunk. To use this feature as it is expanded in the future, create a new metrics index for SAP to store SAP metrics from PowerConnect.

To create an index…

  • Connect to Splunk management interface using an administrator account.

  • Once logged-in, on the top, right hand side, click on “Settings” and then in “Indexes”. A list of all indexes currently defined appears.

  • Create a new index with the name “sap” or similar. It is just crucial to take the name as a reference for future use and to be able to relate the index to its usage eventually.

  • Use default values with the exception of the following settings:

    • When creating an index for PowerConnect SAP metrics, please switch the Index Data Type to “Metrics.” Otherwise, keep the Index Data Type as “Events” for PowerConnect logs.

    • For Splunk Enterprise, set the maximum size of the index based on your available space. The default is 500GB, but this number may change based on the size of your SAP landscape or available storage. For Splunk Cloud, set a maximum retention period with the “Searchable time (days)” based on your Splunk Cloud subscription.

    • Change the “App” value to “SAP PowerConnect for Splunk”.

  • “Save” the new index.

  • The new index now appears in the list.

Next step is to create an HTTP Event Collector (HEC) which actually is a prerequisite for establishing a connection between SAP and Splunk.