Skip to main content

Splunk Integration

Prerequisites

  • Have an active Splunk account.

Pulling your Splunk Access Token (Splunk documentation)

  1. Log into your Splunk account.
  2. Locate your Access Tokens: In the left navigation bar select Settings, than select Access Tokens menu item. A page with your Access tokens appears.
Image showing access tokens Menu
  1. Click on New Token button
Image showing create Access Token button
  • At least you must enable the following permissions:
    • Ingests
Image showing Access Token modal
  1. Click on Create button and the new token will appear in the table on the screen.
  2. Click on the name of an Access Token.
  3. Click on Show token button (located right behind the name). And Copy the generated token.
Image showing Access Token modal
  1. Share the Access Token with an Embrace onboarding specialist or use Embrace's UI to add Splunk as Data Destination.

Pulling your Splunk Realm (Splunk documentation)

  1. Log into your Splunk account.
  2. Locate your Profile: In the left navigation bar select Settings, than press View Profile button. A page with your profile appears appears.
Image showing view profile button
  1. Click on Organizations button
  2. Copy Realm
Image showing Realm
  1. Share the Realm with an Embrace onboarding specialist or use Embrace's UI to add Splunk as Data Destination.