Splunk Cloud integration
Integrating with Splunk Cloud
Jit's integration with Splunk Cloud makes it easy to stream your audit logs to Splunk for storage and analysis using Splunk's event collector.
You can learn more about Jit's audit logs here.
Quickstart
- In Jit's web app, go to the Integrations page.
- Find the "Splunk Cloud" card and click "Connect".
- You should now see a Splunk integration window. Click "Connect" at the top right corner.
- You will now need to provide your deployment name (from your Splunk URL) and the HTTP Event Collector (HEC) token that will be used to send events.
- Fill in the 3 values:
  - Deployment Name - for example, if your personal Splunk URL is https://mycompany.splunkcloud.com:443 then fill in mycompany.
  - Port - the port in your personal URL; for example, if your personal Splunk URL is https://mycompany.splunkcloud.com:443 then fill in 443. Note - some deployments can also use 8088.
  - Event collector token - the token used to ingest data into Splunk. Please continue reading to obtain it.
- Log into your Splunk Cloud account.
- Navigate to Settings > Data Inputs.
- Under Local Inputs, HTTP Event Collector, click Add new.
- Follow these steps:
  - Name your token (e.g., "Jit Integration").
  - Make sure Enable indexer acknowledgement is unchecked.
  - Click Next.
  - Choose the indexes that will ingest Jit's audit logs (under Selected item(s)).
  - Click Review -> Submit and copy the generated token. Please note that if the token is deleted or modified, events from Jit will no longer be logged to Splunk Cloud. Learn more in Splunk documentation.
- Paste the token in the "Event collector token" textbox and click Continue. If the token is valid, your integration is now active, and you can begin ingesting audits to your instance.
- Enable audits ingest, and select the desired index. The index must be included in your token configuration.
Sample event
{
  "severity": "Info",
  "action": "Export plan results",
  "description": "Export Plan Test Plan results",
  "userAgent": "Mozilla/5.0",
  "ip": "192.168.0.1",
  "email": "[email protected]",
  "plan_name": "Test Plan"
}
Whitelisting IPs
If needed, you can whitelist the following IPs from which the events originate:
18.205.92.162
18.215.215.164
34.225.59.94
44.210.155.28
52.45.12.206
54.235.127.238
Notes
- Ensure that the Splunk HEC endpoint is accessible from Jit.
- If the token is invalid or the endpoint is inaccessible, you will have to re-integrate.
- The ingestion endpoint that will be used to ingest data is https://[YOUR-DEPLOYMENT-NAME].splunkcloud.com:[YOUR-PORT]/services/collector/event - make sure all configurations are correct.
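To check the deployment name, port, token and index before entering them in Jit, you can send one test event to the ingestion endpoint yourself. The script below is an added example, not code from Jit or Splunk. Its function names and the SPLUNK_URL, HEC_TOKEN and HEC_INDEX environment variables are assumptions made for illustration, as is treating a URL without a port as 443.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

SUFFIX = ".splunkcloud.com"
# HEC reply codes mapped to the setup step on this page that usually fixes them.
HINTS = {
    0: "accepted: token, index and endpoint are usable",
    4: "invalid token: re-copy the token from Settings > Data Inputs",
    7: "incorrect index: add the index to the token's selected items",
    10: "data channel missing: uncheck 'Enable indexer acknowledgement'",
}

def parse_personal_url(url):
    """Return the (deployment name, port) pair that the Jit form asks for."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Refuse plain HTTP and look-alike hosts so the token is never sent elsewhere.
    if parts.scheme != "https" or not host.endswith(SUFFIX) or len(host) == len(SUFFIX):
        raise ValueError("expected https://<deployment>.splunkcloud.com[:port]")
    return host[: -len(SUFFIX)], parts.port or 443  # assumption: no port means 443

def build_request(url, token, index, event):
    """Build the POST that HEC expects at /services/collector/event."""
    deployment, port = parse_personal_url(url)
    body = json.dumps({"event": event, "index": index}).encode()
    return urllib.request.Request(
        f"https://{deployment}{SUFFIX}:{port}/services/collector/event",
        data=body, method="POST", headers={"Authorization": f"Splunk {token}"})

def send(req, timeout=10):
    """Send it; return (HTTP status, hint). Network errors propagate as URLError."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        code = json.loads(raw).get("code")
    except (ValueError, AttributeError):
        code = None  # reply was not a HEC JSON object (e.g. a proxy error page)
    return status, HINTS.get(code, f"HEC code {code}: see Splunk documentation")

if __name__ == "__main__":
    event = {"severity": "Info", "action": "Connectivity test"}  # constructed event
    req = build_request(os.environ["SPLUNK_URL"], os.environ["HEC_TOKEN"],
                        os.environ["HEC_INDEX"], event)
    print(req.full_url, *send(req))
```

The token is read from the environment rather than passed as an argument so it does not end up in shell history or process listings.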