Splunk

Splunk Integration¶

Channel Integrations is the fourth sub-section of Workspace Manager.

This section is used to integrate external services with AccuKnox and export logs based on triggers.

Choose "Splunk" services and click the Integrate Now button.

You need a Splunk HTTP event collector URL for this Integration.
[Note]: If you don’t know how to get Splunk HTTP event collector URL then click this link

Goto Channel Integration URL
Click the Integrate Now button -> Splunk
Here you'll be able to see these entries:
- Integration Name: Enter the name for the integration. You can set any name.
- Splunk HTTP event collector URL: Enter your Splunk HTTP event collector URL here.
- Token: Enter your Splunk Token here.
- Source: Enter your Splunk Source here.
- Index: Enter your Splunk Index here.
- Source Type: Enter your Source Type here.
- Enable HTTPS: If you want HTTPS service then enable this button.
- Enable TLS Verify: If you want TLS service then enable this button.
Once you fill every field then click the button this will test whether your integration is working or not.
Click the Save button.

On the Logs page, after choosing specific log filter click on 'Create Trigger' button.
The below fields needs to be entered with appropriate data:
Name: Enter the name for the trigger. You can set any name without special characters.
When to Initiate: The frequency of the trigger as Real Time / .
Status: Enter the severity for the trigger.
Search Filter Data : The filter log chosen in automatically populated here.This is optional.
Predefined queries: The list of predefined queries for this workspace is shown as default.
Notification Channel: Select the integration channel that needs to receive logs. This should be Splunk. (Note: Channel Integration is done on the previous step)
Save: Click on Save for the trigger to get stored in database.