Splunk Integration

Rezonate's Splunk integration enables your team to receive timely alerts and information, and to execute workflows and analysis based on them in Splunk.

This integration ensures that your team stays informed about important changes and potential security risks & threats within your environment, enhancing your organization's identity protection capabilities.

Configuring Splunk HTTP Event Collector

For the integration, you will need an HTTP Event Collector configured in Splunk. Information regarding the process can be found in the Splunk documentation. After performing the steps described in their documentation, keep a note of the Webhook URL and Authorization Token.

Adding integration in Rezonate

To enable this integration, click the settings button in the top right corner of the application. In the settings, select Accounts & Integrations, and then pick External Integrations.

Click on New Integration and select Splunk.

Fill out the form as follows (each property is listed with its value):

Name: Select your integration name.

URL:

If you are using Splunk Cloud, enter:

https://http-inputs-{$SPLUNK_TENANT_NAME}.splunkcloud.com/services/collector/raw

You can extract your SPLUNK_TENANT_NAME from the URL used to access the application: in https://mydomain.splunkcloud.com, it is the "mydomain" part.

If you are using self-managed Splunk, enter:

https://{$SPLUNK_DOMAIN}:{$SPLUNK_HEC_PORT}/services/collector/raw

Authorization Token: Enter the secret token you received from Splunk during the creation process.

Note that before saving the integration, you can click Test Integration, which sends an example message to that channel.

That's it! Now you can send notifications and alerts from any part of the platform to Splunk.
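To confirm the URL and token independently of Rezonate, the following added example (not part of Rezonate's or Splunk's own tooling) builds the URL value in both forms described above and posts one test event to the collector. The environment variable names `SPLUNK_UI_URL` and `SPLUNK_HEC_TOKEN` and the function names are assumptions made for this sketch.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

RAW_PATH = "/services/collector/raw"  # endpoint path used in both URL forms above

def tenant_from_ui_url(ui_url):
    """Return SPLUNK_TENANT_NAME from the Splunk Cloud URL used to access the UI."""
    host = urlsplit(ui_url).hostname or ""
    tenant, sep, rest = host.partition(".")
    if not tenant or sep + rest != ".splunkcloud.com" or tenant.startswith("http-inputs-"):
        raise ValueError(f"not a Splunk Cloud UI URL: {ui_url!r}")
    return tenant

def hec_url(tenant=None, domain=None, port=None):
    """Build the URL field value: Splunk Cloud if tenant is given, else self-managed."""
    if tenant:
        return f"https://http-inputs-{tenant}.splunkcloud.com{RAW_PATH}"
    if domain and port:
        return f"https://{domain}:{int(port)}{RAW_PATH}"
    raise ValueError("pass tenant, or both domain and port")

def check_hec(url, token, timeout=10):
    """POST one test event to the collector; return (accepted, detail)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.path != RAW_PATH:
        raise ValueError(f"expected an https URL ending in {RAW_PATH}")
    req = urllib.request.Request(
        url, method="POST",
        data=b"rezonate integration pre-flight test (constructed sample event)",
        headers={"Authorization": f"Splunk {token}"},  # HEC token scheme
    )
    try:  # urllib verifies the server certificate by default
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:  # e.g. 401/403 for a bad or disabled token
        return False, f"HTTP {err.code}: {err.read().decode(errors='replace')}"
    except (OSError, ValueError) as err:  # unreachable host, timeout or non-JSON reply
        return False, f"request failed: {err}"
    return body.get("code") == 0, body.get("text", "")

if __name__ == "__main__":
    # Assumed variable names; the token is read from the environment so it
    # stays out of shell history and process listings.
    url = hec_url(tenant=tenant_from_ui_url(os.environ["SPLUNK_UI_URL"]))
    print(url, check_hec(url, os.environ["SPLUNK_HEC_TOKEN"]))
```

A result of `(True, 'Success')` means the collector accepted the event, so the same URL and token can be entered in the form.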
