Splunk Integration

Channel Integrations is the fourth sub-section of Workspace Manager.

This section is used to integrate external services with AccuKnox and export logs based on triggers.

  1. Splunk

Choose "Splunk" services and click the Integrate Now button.

1. Integration of Splunk:

a. Prerequisites

  • You need a Splunk HTTP event collector URL for this integration.
  • [Note]: If you don't know how to get the Splunk HTTP event collector URL, click this link.

b. Steps to Integrate:

  • Go to the Channel Integration URL.
  • Click the Integrate Now button -> Splunk.
  • Here you'll be able to see these entries:
    • Integration Name: Enter a name for the integration. You can set any name.
    • Splunk HTTP event collector URL: Enter your Splunk HTTP event collector URL here.
    • Token: Enter your Splunk token here.
    • Source: Enter your Splunk Source here.
    • Index: Enter your Splunk Index here.
    • Source Type: Enter your Source Type here.
    • Enable HTTPS: Enable this if the collector URL should be reached over HTTPS.
    • Enable TLS Verify: Enable this to verify the collector's TLS certificate.
  • Once you have filled in every field, click the button; this tests whether your integration is working.
  • Click the Save button.
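As an added example (not part of the AccuKnox documentation or product code), the script below shows how the integration fields above map onto a single Splunk HTTP Event Collector request, and what switching off the two transport toggles amounts to; the host name and token are constructed placeholders.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlparse

HEC_EVENT_PATH = "/services/collector/event"


def build_hec_request(hec_url, token, source, index, sourcetype, event):
    """Map the form fields onto one HEC request: returns (url, headers, JSON payload dict)."""
    base = hec_url.rstrip("/")
    # Accept either the bare collector URL or one that already names the endpoint.
    if not urlparse(base).path.startswith("/services/collector"):
        base += HEC_EVENT_PATH
    headers = {"Authorization": "Splunk " + token,  # HEC uses the 'Splunk' authorization scheme
               "Content-Type": "application/json"}
    payload = {"event": event, "source": source, "index": index, "sourcetype": sourcetype}
    return base, headers, payload


def transport_warnings(hec_url, tls_verify):
    """Spell out what the two transport toggles cost when off; an empty list means no concern."""
    warnings = []
    if urlparse(hec_url).scheme != "https":
        warnings.append("plain HTTP: the HEC token and every forwarded log travel in cleartext")
    elif not tls_verify:
        warnings.append("TLS verify off: any certificate is accepted, so a spoofed collector "
                        "could capture the token")
    return warnings


def send_test_event(hec_url, token, source, index, sourcetype, tls_verify=True, timeout=5):
    """POST one constructed test event; Splunk replies with JSON such as {"text": "Success", "code": 0}."""
    url, headers, payload = build_hec_request(
        hec_url, token, source, index, sourcetype,
        {"message": "AccuKnox integration test event", "severity": "info"})  # constructed sample
    ctx = ssl.create_default_context()
    if not tls_verify:  # what the 'Enable TLS Verify' toggle being off amounts to
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Placeholder host and token; replace with the values from your own Splunk HEC setup.
    for warning in transport_warnings("http://splunk.example.internal:8088", tls_verify=True):
        print("WARNING:", warning)
```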

2. Configuration of Alert Triggers:

  • On the Logs page, after choosing a specific log filter, click the 'Create Trigger' button.
  • The following fields need to be entered with appropriate data:
    • Name: Enter the name for the trigger. You can set any name without special characters.
    • When to Initiate: The frequency of the trigger (Real Time / ).
    • Status: Enter the severity for the trigger.
    • Search Filter Data: The log filter chosen is automatically populated here. This is optional.
    • Predefined queries: The list of predefined queries for this workspace is shown by default.
    • Notification Channel: Select the integration channel that needs to receive the logs. This should be Splunk. (Note: Channel Integration is done in the previous step.)
  • Save: Click Save to store the trigger in the database.

3. Logs Forwarding:

  • For each enabled trigger, check the Splunk channel to view the logs.
  • Logs are forwarded based on the trigger frequency (Real Time / Once in a Day / Week).
  • The Rule Engine matches the real-time logs against the triggers created.