Authentication Parameters

The Splunk provider requires the following authentication parameter:

  • Splunk UseAPI Key: Required. This is your Splunk account username, which you use to log in to the Splunk platform.
  • Host: This is the hostname or IP address of the Splunk instance you wish to connect to. It identifies the Splunk server that the API will interact with.
  • Port: This is the network port on the Splunk server that is listening for API connections. The default port for Splunk’s management API is typically 8089.

Connecting with the Provider

Obtain Splunk API Token:

  1. Ensure you have a Splunk account with the necessary permissions. The basic permissions required are list_all_objects & edit_own_objects.
  2. Get an API token for authenticating API requests. Read More on how to set up and get API Keys.

Identify Your Splunk Instance Details:

  1. Determine the Host (IP address or hostname) and Port (default is 8089 for Splunk’s management API) of the Splunk instance you wish to connect to.

NOTE Make sure to follow this Guide to configure your webhook allow list to allow your keep deployment.