Splunk

Version: 4.2.0

Turn Machine Data Into Answers. Splunk delivers real-time answers and business value from machine data so you can make better decisions.

Connect Splunk with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Splunk.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL of the Splunk server (e.g., https://www.example.com)
    • User: User name to log in with.
    • Password: Password to log in with.
  4. After you've entered all the details, click Connect.

Actions for Splunk

Update Notables

Update the status, urgency, owner, or comment of one or more notable events.

Input Field

Choose a connection that you have previously created, then fill in the necessary information in the following input fields to complete the action.

  • EventID (Required): Event ID of the notable.
  • Comment (Required): Comment to add to the notable.
  • Status (Required): Status of the notable.
  • Urgency (Required): Notable urgency (Unknown/Low/Medium/High/Critical).
  • Owner (Required): Jinja template containing the owner name. Example: {{parent_column_containing_owner}}
  • Retry Count (Optional): Number of times the integration retries connecting to Splunk on failure (default is 0).
  • Delay between retries (Optional): Time in seconds to wait between retries. Only used if Retry Count is set (default is 5 seconds).

Output

A JSON object containing results of performing the action.

Query

Runs a search query on Splunk.

Input Field

Choose a connection that you have previously created, then fill in the necessary information in the following input fields to complete the action.

  • Query String (Required): Search query string.
  • Search Window Start (Optional): Start of the search window to fetch results for. Default 'flow-start-time'.
  • Search Window End (Optional): End of the search window to fetch results for. Default 'flow-end-time'.
  • Interval (Optional): Slice the search window into smaller intervals (in seconds).
  • Retry Count (Optional): Number of times the integration retries connecting to Splunk on failure (default is 0).
  • Delay between retries (Optional): Time in seconds to wait between retries. Only used if Retry Count is set (default is 5 seconds).

Output

A JSON object containing results of performing the action.
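The Interval, Retry Count and Delay between retries inputs above are easy to misread, so here is an added example (not LogicHub or Splunk code) of how a window gets sliced into intervals and how retries interact with the delay. The slicing and retry semantics are this example's reading of the input descriptions, and FakeSearch is a constructed stand-in for the real Splunk search call so the code runs offline.

```python
"""Search-window slicing and retry semantics for the Query action.

Added example, not LogicHub or Splunk code. The slicing and retry
behaviour is this example's reading of the Interval, Retry Count and
Delay between retries inputs; FakeSearch stands in for the real Splunk
search call so the code runs offline.
"""
import time
from typing import Callable, Dict, List, Optional, Tuple

Slice = Tuple[int, int]


def slice_window(start: int, end: int, interval: Optional[int] = None) -> List[Slice]:
    """Split the window [start, end) (epoch seconds) into consecutive slices.

    No interval means no slicing: one slice covers the whole window. The
    last slice is shortened so nothing runs past `end`, so a window that
    is not a multiple of `interval` still has every second searched once.
    """
    if end <= start:
        raise ValueError("search window end must be after its start")
    if interval is None:
        return [(start, end)]
    if interval <= 0:
        raise ValueError("interval must be a positive number of seconds")
    slices: List[Slice] = []
    cursor = start
    while cursor < end:
        nxt = min(cursor + interval, end)
        slices.append((cursor, nxt))
        cursor = nxt
    return slices


def with_retries(call: Callable[[], List[Dict]], retry_count: int = 0,
                 delay: int = 5, sleep: Callable[[float], None] = time.sleep) -> List[Dict]:
    """Run `call`; on a transient failure retry up to `retry_count` more times.

    Retry Count 0 (the default) means one attempt and no retry; the delay
    is only applied between attempts, matching "only used if retry count is
    used" in the input description.
    """
    attempts = 0
    while True:
        try:
            return call()
        except (ConnectionError, TimeoutError):
            if attempts >= retry_count:
                raise
            attempts += 1
            sleep(delay)


def run_query(query: str, start: int, end: int, interval: Optional[int] = None,
              retry_count: int = 0, delay: int = 5,
              search: Optional[Callable[[str, int, int], List[Dict]]] = None,
              sleep: Callable[[float], None] = time.sleep) -> List[Dict]:
    """Run `query` over every slice of the window and concatenate the rows."""
    if search is None:
        raise ValueError("a search callable is required")
    rows: List[Dict] = []
    for s_start, s_end in slice_window(start, end, interval):
        rows.extend(with_retries(lambda: search(query, s_start, s_end),
                                 retry_count, delay, sleep))
    return rows


class FakeSearch:
    """Constructed stand-in for the Splunk search call.

    Raises ConnectionError for the first `failures` calls, then returns
    one row per slice so the caller can see which slices were searched.
    """

    def __init__(self, failures: int = 0) -> None:
        self.failures = failures
        self.calls = 0

    def __call__(self, query: str, earliest: int, latest: int) -> List[Dict]:
        self.calls += 1
        if self.calls <= self.failures:
            raise ConnectionError("constructed transient failure")
        return [{"query": query, "earliest": earliest, "latest": latest}]


if __name__ == "__main__":
    sleeps: List[float] = []
    search = FakeSearch(failures=1)
    # A 100-second window sliced every 30 s gives 30, 30, 30 and a final 10-second slice.
    rows = run_query("index=main sourcetype=syslog", 0, 100, interval=30,
                     retry_count=1, delay=5, search=search, sleep=sleeps.append)
    for row in rows:
        print(row)
    print(f"calls={search.calls} sleeps={sleeps}")
```

With Retry Count 0 the first transient failure surfaces to the playbook immediately, which is the behaviour to expect from the defaults; only when Retry Count is raised does the delay come into play, once per failed attempt.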

List Users

Lists Splunk users.

Input Field

No Required Input

Output

A JSON object containing multiple rows of Splunk user details.

Restart Splunk

Restarts Splunk Web interface and/or splunkd server daemon.

Input Field

Choose a connection that you have previously created, then fill in the necessary information in the following input fields to complete the action.

  • Restart splunkd server daemon (Optional): Select Yes/No to restart the splunkd server daemon in addition to the Splunk Web interface.

Output

A JSON object containing results of performing the action.

Reset User Password

Resets the given user's password.

Input Field

Choose a connection that you have previously created, then fill in the necessary information in the following input fields to complete the action.

  • Splunk user column (Required): Select the column containing the user whose password is to be reset.
  • Old password column (Required): Select the column containing the existing password that is to be reset.
  • New password column (Optional): Select the column containing the new password. If omitted, a random password is generated and used.
  • Force Change Password (Optional): Select Yes/No. Forces the user to change the password on login with the reset password. Default 'Yes'.

Output

A JSON object containing results of performing the action.

Configure Replication Factor

Configures the cluster replication factor and search factor. Requires a restart of the splunkd server daemon.

Input Field

Choose a connection that you have previously created, then fill in the necessary information in the following input fields to complete the action.

  • Replication Factor (Required): Set the cluster replication factor.
  • Search Factor (Required): Set the cluster search factor. Note: the Search Factor must not be greater than the Replication Factor.

Output

A JSON object containing results of performing the action.

Forward to Splunk index

Writes rows to a particular Splunk index.

Input Field

Choose a connection that you have previously created, then fill in the necessary information in the following input fields to complete the action.

  • Index (Required): Jinja-templated text containing the index to write to. Example: {{index_column}}
  • Source (Optional): Jinja-templated text containing the source. Example: {{source_column}}
  • Source Type (Optional): Jinja-templated text containing the source type. Example: {{source_type_column}}
  • Add Hidden Fields (Optional): Select True/False to include the hidden fields "lhub_page_num" and "lhub_id" (default is False).

Output

A JSON object containing the result, for example:

{
   "result":"Successfully forwarded to splunk index",
   "error":null,
   "has_error":false
}
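The Index, Source and Source Type inputs above are rendered per row from Jinja templates, the same mechanism as the {{hostname}} Reference Values in the Connect section. The added example below (not LogicHub's code) shows that rendering for both uses, plus two checks a practitioner would want before anything is forwarded: an unknown column name fails loudly instead of rendering empty, and the rendered index name is validated so a templating mistake cannot route events to a malformed index. The render() function is a minimal {{ name }} substitution standing in for Jinja so the code runs without the jinja2 package, and the treatment of the hidden fields (dropped unless Add Hidden Fields is True) is this example's reading of that input.

```python
"""Per-row template rendering for the Forward to Splunk index action.

Added example, not LogicHub's code. It also covers the Reference Values
templating from the Connect section ({{hostname}} in a URL). render() is
a minimal {{ name }} substitution standing in for Jinja; the hidden-field
handling is this example's reading of the Add Hidden Fields input.
"""
import json
import re
from typing import Any, Dict, List, Optional

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
# User-created index names: lowercase letters, digits, '_' and '-', not
# starting with '_' or '-' (leading underscores belong to Splunk's own
# internal indexes, which are not a forwarding target here).
INDEX_NAME = re.compile(r"[a-z0-9][a-z0-9_-]*")
HIDDEN_FIELDS = ("lhub_page_num", "lhub_id")


def render(template: str, values: Dict[str, Any]) -> str:
    """Replace each {{ name }} with values[name].

    An unknown name raises instead of silently rendering as an empty
    string, so a typo in a column name cannot send events to a blank
    index or with an empty source.
    """
    def substitute(match) -> str:
        key = match.group(1)
        if key not in values:
            raise KeyError(f"template refers to unknown column or variable '{key}'")
        return str(values[key])
    return PLACEHOLDER.sub(substitute, template)


def validate_index(name: str) -> str:
    """Reject anything that is not a well-formed user index name."""
    if not INDEX_NAME.fullmatch(name):
        raise ValueError(f"invalid Splunk index name: {name!r}")
    return name


def build_events(rows: List[Dict[str, Any]], index_tpl: str,
                 source_tpl: Optional[str] = None, sourcetype_tpl: Optional[str] = None,
                 add_hidden_fields: bool = False) -> List[Dict[str, Any]]:
    """Build one event per row, with index/source/sourcetype rendered from that row.

    LogicHub's bookkeeping columns lhub_page_num and lhub_id are dropped
    from the forwarded data unless add_hidden_fields is True.
    """
    events: List[Dict[str, Any]] = []
    for row in rows:
        data = dict(row) if add_hidden_fields else {
            k: v for k, v in row.items() if k not in HIDDEN_FIELDS}
        event: Dict[str, Any] = {
            "index": validate_index(render(index_tpl, row)),
            "event": data,
        }
        if source_tpl:
            event["source"] = render(source_tpl, row)
        if sourcetype_tpl:
            event["sourcetype"] = render(sourcetype_tpl, row)
        events.append(event)
    return events


# Constructed sample rows, shaped like what a LogicHub step hands to the action.
SAMPLE_ROWS = [
    {"lhub_page_num": 0, "lhub_id": 1, "index_column": "main",
     "source_column": "lhub:alerts", "source_type_column": "_json", "msg": "first"},
    {"lhub_page_num": 0, "lhub_id": 2, "index_column": "security",
     "source_column": "lhub:alerts", "source_type_column": "_json", "msg": "second"},
]

if __name__ == "__main__":
    # Reference Values style templating of a connection URL.
    print(render("https://www.{{hostname}}.com", {"hostname": "example"}))
    # Forward to Splunk index: one event per row, hidden fields dropped.
    for ev in build_events(SAMPLE_ROWS, "{{index_column}}", "{{source_column}}",
                           "{{source_type_column}}"):
        print(json.dumps(ev))
```

Because the index is rendered from row data, treat the column it comes from as input: the validation above is the cheap guard against a row whose index value is mistyped, mixed-case, or empty.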

Release Notes

  • v4.2.0 - Added the new optional field Source to the existing action Forward to Splunk index.
