# Splunk Integration

This integration ensures that your team stays informed about important changes and potential security risks & threats within your environment, enhancing your organization's identity protection capabilities.

### Configuring Splunk HTTP Event Collector

For the integration, you will need an HTTP Event collector configured in Splunk. information regarding the process can be found on [Splunk documentation](https://docs.splunk.com/Documentation/Splunk/9.0.4/Data/UsetheHTTPEventCollector). After performing the steps as described in their documentation, please keep note of the Webhook URL and Authorization Token.

### Adding integration in Rezonate

To enable this integration, click the setting button on the top right corner of the application.\
In the settings, select Accounts & Integrations, and then pick **External Integrations**.

Click on **New Integration** and select **Splunk**.

**Fill out the form as follows:**

<table data-header-hidden><thead><tr><th width="148"></th><th></th></tr></thead><tbody><tr><td><strong>Property</strong></td><td><strong>Value</strong></td></tr><tr><td>Name</td><td>Select your integration name.</td></tr><tr><td>URL</td><td><p>If you are using <strong>Splunk Cloud</strong> please write:</p><pre><code><strong>https://http-inputs-{$SPLUNK_TENANT_NAME}.splunkcloud.com/services/collector/raw
</strong></code></pre><p>You can extract your Splunk <strong>SPLUNK_TENANT_NAME</strong> from the Url being used to access the application https://<strong>mydomain</strong>.splunkcloud.com (the bold part)</p><p> </p><p>If you are using <strong>Self</strong>-<strong>managed</strong> <strong>Splunk</strong> please write:</p><pre><code><strong>https://{$SPLUNK_DOMAIN$}:{$SPLUNK_HEC_PORT}/services/collector/raw
</strong></code></pre></td></tr><tr><td>Authorization Token</td><td>Please write down the Secret Token you received from Splunk during the creation process. </td></tr></tbody></table>

Note that before saving the integration, you can click on **Test Integration** which will send an example message to that channel.

<figure><img src="/files/U3lTsejPdsCDEaEUi8A4" alt=""><figcaption><p>Splunk integration screen, Rezonate Platform.</p></figcaption></figure>

Thats it! now you can send Notifications and Alerts from any part of the platform to Splunk.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kb.rezonate.io/notifications-and-alerts/splunk-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.