Skip to main content

How to add a Splunk provider

Documentation Team
  • Updated

How to add a Splunk provider

A Connect edition license (or above) is required for this feature. To upgrade please contact sales@squaredup.com.

What are Integrations?

SquaredUp DS Integrations allow you to create your own providers. Each Integration has its own form to help you input the information required for different providers.

What is a provider?

Providers contain the connection details to external platforms. A provider only needs to be set up once and can then be used when creating tiles on a dashboard.

There are two types of integrations and therefore providers:

  • generic Web API providers that can connect to any REST API

  • dedicated providers that connect to a specific external platform or database (SQL, ServiceNow, Azure Active App Insights, Elasticsearch, etc.)

About Splunk providers

A Splunk provider is a dedicated provider that contains the connection details to your Splunk instance. You need to create a Splunk provider before you can use Spunk tiles.

When you are creating a Splunk provider, make sure that the SquaredUp server has access to your Splunk instance, since it is the server that connects to Splunk, and not your users' browser.

Adding a Splunk provider

  1. Log on to SquaredUp DSand navigate to the right-hand menu ☰ > system > Integrations

  2. Under Integrations, click Splunk.

  3. Enter the required data:

    instance name: Enter a name for the integration. This name will be shown in the select provider drop-down in the Splunk tiles.

    url: Enter the URL to your Splunk instance in the format https://instancename:8089/.

    Note: The port number 8089 is the Splunk API port which is different to the port used when browsing Splunk normally, which would be port 8000.

    username and password:

    If you are using a Splunk user account: Enter the username and password of the Splunk user account you want to use for authentication. The credentials will be Base64 encoded automatically.

    If you are using Splunk with Windows authentication: Leave username and password blank. You need to log in to Splunk and add the SquaredUp DS application pool account (meaning the SquaredUp DS application pool identity) to the list of authorized users. If the app pool identity is not a user account, you need to add the computer account as a user to Splunk. For more info, see How to check and modify the application pool identity.

    Note: The user account you choose here affects the available search templates

    Which templates are available in a Splunk tile depends on the permissions of the Splunk user account that is used in the configuration of the Splunk provider. Any search queries that this user can access in Splunk (for example, queries in saved searches, Splunk reports, dashboards, etc.) are visible as templates in Splunk tiles. For example, if you used Splunk User A for the configuration of Splunk provider A, a Splunk tile that uses Splunk provider A will show all templates that are visible to Splunk User A in Splunk.

    ignore invalid ssl: Turn the on/off switch to on if you are using a self-signed certificate.

  4. Click save.
    The integration is now saved and can be used as a provider in Splunk tiles.

Related articles

Comments

0 comments

Please sign in to leave a comment.