Splunk

Splunk captures, indexes, and correlates real-time data in a searchable repository.

Adapter Parameters

  1. Host Name (required) - The hostname of the Splunk server.
  2. Port (required, default: empty) - The port of the Splunk system. This is the Splunk management (REST API) port, which is 8089 on a default installation, not the port of the Splunk web interface.
  3. Protocol (required, default: HTTPS) - Select HTTP or HTTPS for this adapter connection. With HTTP the user name, password or API token is sent in cleartext, so use HTTPS unless the connection is otherwise protected.
  4. User Name and Password (required unless an API token is supplied) - The user name and password of an account that has read access to the API. To create a new user with read permissions, follow the tutorial in the official Splunk documentation.
  5. API Token (optional, default: empty) - An API token can be used instead of the user name and password.
  6. Choose Instance (required, default: 'Master') - The Axonius node to use when connecting to Host Name. For more details, see Connecting Additional Axonius Nodes.


NOTE

For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Configuring Splunk Advanced Settings

To configure the Splunk adapter advanced settings, open the Splunk adapter page, click Advanced Settings, and then click the Splunk Configuration tab:

  • Splunk search macros list (Optional, default: empty) - A comma-separated list of Splunk search macro names. For details on Splunk search macros, see Splunk Knowledge Manager Manual - Define search macros in Settings.
    • Axonius runs each listed search macro and treats its results as if they had been received from a CSV file. The macro's output must therefore include at least one of the required columns listed in CSV Serials adapter - Which fields will be imported with a devices file?.
    • If supplied, all connections for this adapter run the specified search macros and fetch devices from the results.
    • If not supplied, no connection for this adapter includes search macro results in the fetched data.
  • Splunk installed software search macros list (Optional, default: empty) - A comma-separated list of Splunk search macro names that return installed software information. For details on Splunk search macros, see Splunk Knowledge Manager Manual - Define search macros in Settings.
    • Axonius runs each listed search macro and treats its results as if they had been received from a CSV file with installed software information. The macro's output must therefore include at least one of the required columns listed in Which fields will be imported with a software applications file?.
    • If supplied, all connections for this adapter run the specified search macros, fetch installed software from the results, and associate it with device entities.
    • If not supplied, no connection for this adapter includes search macro results in the fetched data.
  • Number of days to fetch (required, default: 30) - The time window, in days, that Axonius requests when fetching data from all connections of this adapter.
  • Maximum amount of records per search (required, default: 100000) - The maximum number of records Axonius fetches per search from all connections of this adapter.
  • Windows login fetch hours (required, default: 3) - The time window, in hours, that Axonius requests when fetching Windows login data from all connections of this adapter.
  • Fetch devices from Cisco (required, default: True)
    • If enabled, all connections for this adapter fetch device data from the Cisco data indexed in Splunk.
    • If disabled, no connection for this adapter fetches device data from the Cisco data indexed in Splunk.
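The following is an added example, not code from Axonius or Splunk. It shows what the connection parameters and the advanced settings above amount to in practice: a Splunk REST export request that runs one search macro over an N-day window with a server-side record cap, authenticated with either an API token or a user name and password, followed by a parse of the CSV reply that checks the macro actually returned an identifying column before the rows are treated as devices or installed software. The `/services/search/jobs/export` endpoint, the `Authorization` header forms and the `-30d` relative-time syntax are Splunk's; the identifier column names, the macro-name filter and the sample CSV replies are assumptions constructed for this example.

```python
"""Added example (not Axonius or Splunk code): build the Splunk REST export
request implied by the adapter settings, then validate and parse the CSV
reply. Only the offline parts are exercised; run_export() needs a server."""
import base64
import csv
import io
import re
import urllib.parse
import urllib.request
import warnings
from typing import Dict, List, Optional, Sequence, Tuple

# Assumed identifier columns: a result row must carry at least one of them
# before it is treated as a device (or software) record.
DEVICE_ID_COLUMNS = ("hostname", "serial", "mac_address", "ip")
SOFTWARE_ID_COLUMNS = ("hostname", "software_name")

# Only bare macro names from the comma-separated setting are accepted;
# spaces, pipes or quotes could splice extra SPL into the search.
_MACRO_NAME = re.compile(r"^[A-Za-z0-9_]+$")


def is_valid_macro_name(name: str) -> bool:
    return bool(_MACRO_NAME.match(name))


def build_macro_spl(macro_name: str, max_records: int) -> str:
    """SPL that runs one macro and caps the result size server-side."""
    if not is_valid_macro_name(macro_name):
        raise ValueError(f"invalid macro name: {macro_name!r}")
    # Assumes the macro expands to a complete search (e.g. index=... | table ...).
    return f"search `{macro_name}` | head {int(max_records)}"


def build_export_request(host: str, port: int, protocol: str, macro_name: str,
                         days: int, max_records: int, token: Optional[str] = None,
                         username: Optional[str] = None, password: Optional[str] = None
                         ) -> Tuple[str, Dict[str, str], Dict[str, str]]:
    """Return (url, form_params, headers) for /services/search/jobs/export."""
    scheme = protocol.lower()
    if scheme not in ("http", "https"):
        raise ValueError(f"unsupported protocol: {protocol!r}")
    if scheme == "http":
        warnings.warn("HTTP sends the token or password in cleartext; prefer HTTPS")
    url = f"{scheme}://{host}:{int(port)}/services/search/jobs/export"
    params = {
        "search": build_macro_spl(macro_name, max_records),
        "earliest_time": f"-{int(days)}d",   # "Number of days to fetch"
        "latest_time": "now",
        "output_mode": "csv",                # results handled as a CSV file
    }
    headers: Dict[str, str] = {}
    if token:                                # API token instead of credentials
        headers["Authorization"] = f"Bearer {token}"
    elif username and password:
        raw = f"{username}:{password}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode()
    else:
        raise ValueError("an API token or a user name and password is required")
    return url, params, headers


def run_export(url: str, params: Dict[str, str], headers: Dict[str, str],
               timeout: int = 60) -> str:
    """Perform the HTTP call (network; urlopen verifies the TLS certificate)."""
    body = urllib.parse.urlencode(params).encode()
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def parse_result_csv(text: str, required_any_of: Sequence[str]) -> List[Dict[str, str]]:
    """Parse a CSV reply; refuse it if no required identifier column is present."""
    reader = csv.DictReader(io.StringIO(text))
    columns = reader.fieldnames or []
    if not any(c in columns for c in required_any_of):
        raise ValueError(f"none of {tuple(required_any_of)} in columns {tuple(columns)}")
    return [row for row in reader if any(v for v in row.values())]


# Constructed sample replies standing in for two macros' output.
SAMPLE_DEVICE_CSV = ("hostname,ip,os\n"
                     "ws-001,10.0.0.5,Windows 10\n"
                     "srv-02,10.0.1.9,Ubuntu 22.04\n")
SAMPLE_SOFTWARE_CSV = ("hostname,software_name,software_version\n"
                       "ws-001,7-Zip,23.01\n")

if __name__ == "__main__":
    url, params, headers = build_export_request(
        "splunk.example.com", 8089, "HTTPS", "axonius_devices", 30, 100000,
        token="REDACTED")
    print(url, params["search"], params["earliest_time"])
    print(parse_result_csv(SAMPLE_DEVICE_CSV, DEVICE_ID_COLUMNS))
    print(parse_result_csv(SAMPLE_SOFTWARE_CSV, SOFTWARE_ID_COLUMNS))
```

The record cap is applied inside the SPL (`| head N`) rather than left to the client, so a macro that matches far more events than expected cannot flood the fetch; the column check runs before any row is accepted, which is the failure mode to expect when a macro is renamed or its `table` clause changes.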
