Supported Providers
Splunk
The Splunk provider lets you receive alerts from Splunk saved searches by installing a webhook on them.
Authentication
This provider requires authentication.
- api_key: Splunk API Key (required: True, sensitive: True)
- host: Splunk Host (default is localhost) (required: False, sensitive: False)
- port: Splunk Port (default is 8089) (required: False, sensitive: False)
- verify: Enable SSL verification (required: False, sensitive: False)
- username: The username connected with the API key/token provided. (required: False, sensitive: False)
Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:
- list_all_objects: The user can get all the alerts (mandatory)
- edit_own_objects: The user can edit saved searches and add a webhook to them (mandatory)
In workflows
This provider can’t be used as a “step” or “action” in workflows. If you want to use it, please let us know by creating an issue in the GitHub repository.
Connecting with the Provider
Obtain Splunk API Token:
- Ensure you have a Splunk account with the necessary permissions. The basic permissions required are list_all_objects and edit_own_objects.
- Get an API token for authenticating API requests. Read more on how to set up and get API keys.
Identify Your Splunk Instance Details:
- Determine the Host (IP address or hostname) and Port (default is 8089 for Splunk’s management API) of the Splunk instance you wish to connect to.
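As an added example (not the provider's own code), the helper below applies the provider's authentication defaults from the list above and builds the two Splunk management-API requests that the two mandatory scopes correspond to: listing saved searches (list_all_objects) and enabling the webhook alert action on one of them (edit_own_objects). The endpoint path and the `actions` / `action.webhook.param.url` fields are Splunk's documented saved-search REST parameters; the host and webhook URL are constructed sample values.

```python
# Hypothetical helper (not the provider's code) that builds the Splunk REST
# requests the provider needs; Splunk accepts the API token as a Bearer token.
import ssl
import urllib.parse
import urllib.request

DEFAULT_HOST = "localhost"   # provider default for `host`
DEFAULT_PORT = 8089          # Splunk management API port, provider default

def build_config(api_key, host=None, port=None, verify=True, username=None):
    """Apply the provider's defaults and reject a missing api_key."""
    if not api_key:
        raise ValueError("api_key is required")
    return {"api_key": api_key, "host": host or DEFAULT_HOST,
            "port": int(port or DEFAULT_PORT), "verify": bool(verify),
            "username": username}

def auth_headers(cfg):
    """Authenticate every request with the API token as a Bearer token."""
    return {"Authorization": f"Bearer {cfg['api_key']}"}

def ssl_context(cfg):
    """verify=False disables certificate checks; keep it on outside a lab."""
    ctx = ssl.create_default_context()
    if not cfg["verify"]:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def list_saved_searches_request(cfg):
    """Needs list_all_objects: enumerate saved searches across all apps."""
    url = f"https://{cfg['host']}:{cfg['port']}/servicesNS/-/-/saved/searches?output_mode=json"
    return urllib.request.Request(url, headers=auth_headers(cfg), method="GET")

def merge_actions(existing, new="webhook"):
    """Keep the alert actions already enabled on the search; add `new` once."""
    actions = [a for a in existing.split(",") if a]
    if new not in actions:
        actions.append(new)
    return ",".join(actions)

def add_webhook_request(cfg, search_name, webhook_url, existing_actions=""):
    """Needs edit_own_objects: enable the webhook action on one saved search."""
    url = (f"https://{cfg['host']}:{cfg['port']}/servicesNS/-/-/saved/searches/"
           + urllib.parse.quote(search_name, safe=""))
    body = urllib.parse.urlencode({"actions": merge_actions(existing_actions),
                                   "action.webhook.param.url": webhook_url}).encode()
    return urllib.request.Request(url, data=body, headers=auth_headers(cfg), method="POST")
```

Send each request with `urllib.request.urlopen(req, context=ssl_context(cfg))`; read the search's current `content.actions` from the list response first so the merge does not drop actions that are already enabled.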