Authentication

This provider requires authentication.

  • api_key: Splunk API Key (required: True, sensitive: True)
  • host: Splunk Host (default is localhost) (required: False, sensitive: False)
  • port: Splunk Port (default is 8089) (required: False, sensitive: False)
  • verify: Enable SSL verification (required: False, sensitive: False)
  • username: The username connected with the API key/token provided. (required: False, sensitive: False)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

  • list_all_objects: The user can get all the alerts (mandatory)
  • edit_own_objects: The user can edit and add webhook to saved_searches (mandatory)

In workflows

This provider can’t be used as a “step” or “action” in workflows. If you want to use it, please let us know by creating an issue in the GitHub repository.

Connecting with the Provider

Obtain Splunk API Token:

  1. Ensure you have a Splunk account with the necessary permissions. The basic permissions required are list_all_objects & edit_own_objects.
  2. Get an API token for authenticating API requests. Read More on how to set up and get API Keys.

Identify Your Splunk Instance Details:

  1. Determine the Host (IP address or hostname) and Port (default is 8089 for Splunk’s management API) of the Splunk instance you wish to connect to.

NOTE Make sure to follow this Guide to configure your webhook allow list to allow your keep deployment.