Splunk

Splunk integration on indie.money — run searches, manage reports, alerts, and users via the Enterprise API

Written By pvdyck

Last updated About 1 hour ago

Supported — Consume the Splunk Enterprise API to run searches, manage reports, read fired alerts and metrics, and administer users.

Nodes: Splunk
Auth: Bearer auth token via Secure Vault

Credential Setup

When configuring the Splunk API credential in Secure Vault, provide:

  • Auth Token — your Splunk Enterprise authentication token, sent as a Bearer token on every request
  • Base URL — protocol, domain and port of your Splunk management endpoint (e.g. https://localhost:8089)
  • Allow Self-Signed Certificates — whether to connect even when the server's SSL certificate cannot be validated

Operations

Search

  • Create — create a search job
  • Delete — delete a search job
  • Get — retrieve a search job
  • Get Many — retrieve many search jobs
  • Get Result — get the result of a search job

Report

  • Create From Search — create a search report from a search job
  • Delete — delete a search report
  • Get — retrieve a search report
  • Get Many — retrieve many search reports

Alert

  • Get Fired Alerts — retrieve a fired alerts report
  • Get Metrics — retrieve metrics

User

  • Create — create a user
  • Delete — delete a user
  • Get — retrieve a user
  • Get Many — retrieve many users
  • Update — update a user

Compatibility

All operations supported.