
Cloud-delivered Incident Responder: Incident Responder Documentation

Configure the Splunk Service

Configure Splunk as a service to search logs and context tables and run other Splunk actions.

  • Note the hostname of your Splunk API endpoint.

  • If you use a proxy, ensure that you whitelist the hostname of your Splunk API endpoint.

  1. In the sidebar, click SETTINGS (the grey gear icon), then select Core.

  2. Under SERVICE INTEGRATIONS, select Services.

  3. Select a service:

    • To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.

    • To manually provide the relevant information for a service, click Configure a new service (the dark blue plus sign).

    • To view all actions for a service, hover over a service, then click the information icon (a grey i inside a grey circle).

  4. Enter information about the service:

    • Service Name – Enter a unique name for the service. By default, the service name is Splunk.

    • (Optional) Description – Describe the service.

    • (Optional) Owner – Enter the email address of the person or group responsible for the service. 

    • Host – Enter the hostname of your Splunk API endpoint.

    • Admin Port – Enter 8089, the splunkd management port.

    • Username – Enter the username for your Splunk account.

    • Password – Enter the password to your Splunk account.

  5. To validate the source, select TEST CONNECTIVITY.

  6. Select CREATE SERVICE.
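
Before entering the Host, Admin Port, Username, and Password values, you can pre-check them from a machine on the same network path. The script below is an added example, not part of the product or its documentation; it posts to Splunk's REST login endpoint (/services/auth/login) on the management port with TLS verification on. The names precheck and _post and the command-line layout are hypothetical.

```python
"""Pre-check Host / Admin Port / Username / Password against splunkd (added example)."""
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request


def _post(url, data, cafile=None, timeout=10):
    """POST form data over verified TLS; return (status, body)."""
    # A default splunkd certificate is self-signed: pass its CA as cafile
    # instead of turning verification off.
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a body
        return err.code, err.read().decode()


def precheck(host, username, password, port=8089, cafile=None, post=_post):
    """Return (ok, reason) for one login attempt on the management port."""
    url = f"https://{host}:{port}/services/auth/login"
    form = urllib.parse.urlencode(
        {"username": username, "password": password, "output_mode": "json"}
    ).encode()
    try:
        status, body = post(url, form, cafile=cafile)
    except (urllib.error.URLError, OSError) as err:
        # DNS failure, blocked port, proxy not allowing the host, or bad TLS chain
        return False, f"unreachable: {err}"
    if status == 200:
        try:
            if json.loads(body).get("sessionKey"):
                return True, "login ok"
        except (ValueError, AttributeError):
            pass
        return False, "unexpected 200 body; is this really splunkd?"
    if status == 401:
        return False, "credentials rejected"
    return False, f"HTTP {status}"


if __name__ == "__main__":
    import getpass, sys
    # usage: python precheck.py <host> <username> [ca-bundle.pem]
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    print(precheck(sys.argv[1], sys.argv[2], getpass.getpass("Splunk password: "), cafile=ca))
```

The password is read with getpass so it does not land in shell history or the process list.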