> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Splunk

> Splunk enables you to search, analyze, and visualize the data gathered from the components of your IT infrastructure or business. Splunk takes in data from websites, applications, sensors, devices, and so on.

## Creating a Splunk connection

Create the connection by using one of the following methods:

* [API Token](#using-api-token)
* [Username & Password](#using-username-and-password)
* [HTTP Event Token](#using-http-event-token)

<Info>
  **Splunk Cloud users**:

  Your `Splunk Domain` is the deployment name associated with your generated token. It can be found in the URL on the **Generate Token** page and is not necessarily the same as your Splunk instance name.
  The correct format is: `https://{deployment-name}.splunkcloud.com`.
</Info>

<Check>
  You must be logged into the Splunk domain before any external API connections
  can function.
</Check>

<Check>
  Each action on our platform supports different authentication methods based on
  Splunk's requirements. Most actions support the **API Token** and **Username &
  Password** methods, while some actions require an HTTP Event Collector Token
  and therefore only support the **HTTP Event Token** method.
</Check>

<Info>
  Before you can access your instance via Splunk's API, you **must** add Blink's public IP addresses to the Search Head API Access and IDM API allow lists. Please refer to [Splunk's Guide](https://docs.splunk.com/Documentation/SplunkCloud/9.2.2403/RESTTUT/RESTandCloud#:~:text=Accessing%20the%20Splunk%20Cloud%20Platform%20REST%20API\&text=Use%20the%20Admin%20Config%20Service,lists%20for%20Splunk%20Cloud%20Platform) for more details. If you prefer configuring the IP's via Splunk Web, please see [Configure IP allow lists using Splunk Web](https://docs.splunk.com/Documentation/SplunkCloud/9.2.2406/Admin/ConfigureIPAllowList).

  IPs to add to the allow lists:

  | IP             |
  | -------------- |
  | 44.194.139.218 |
  | 3.217.19.166   |
  | 54.81.101.61   |
  | 107.20.97.38   |
</Info>

### Using API Token

To create the connection you need:

* A Splunk Domain
* A Deployment API Port
* An API Token

### Obtaining the API token

1. In the system bar, click **Settings**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkSettings.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=0c549c62906da89ff353e84f51433e6a" alt="splunkSettings" width="3428" height="1123" data-path="img/Splunk/splunkSettings.png" />

2. Click **Tokens**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkTokensMenu.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=601049b993d8d643bde8ed5df6c8811e" alt="splunkTokensMenu" width="3420" height="1272" data-path="img/Splunk/splunkTokensMenu.png" />

3. Click **New Token**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkNewToken.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=0723467c07a5f23ebd89bb7b83d67925" alt="splunkNewToken" width="3444" height="914" data-path="img/Splunk/splunkNewToken.png" />

4. In the **New Token** dialog, fill the required details. Pay attention to the `Expiration` field, if you won't specify it, the token will expire within a month. When finished, click **Create**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/tokenExpirationSplunk.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=60e2cdc089dddc5ad58945428d759154" alt="tokenExpirationSplunk" width="1004" height="1426" data-path="img/Splunk/tokenExpirationSplunk.png" />

5. A new section with the token now appears in the dialog.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkToken.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=94a7ad70c8d032a6453f005ac025e203" alt="splunkToken" width="1058" height="1708" data-path="img/Splunk/splunkToken.png" />

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.

2. Select the **Splunk** icon. A dialog box with name of the connection and connection methods appear.

3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.

4. Select **API Token** as the method to create the connection.

5. Fill in the parameters:

   * The Splunk Domain
   * The Deployment API Port
   * The API Token

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.

### Using Username and Password

To create the connection you need:

* A Splunk Domain
* A Deployment API Port
* A Splunk Username
* A Splunk Password

### Obtaining the credentials

1. The username and password are the same as those with which you log on to your Splunk deployment.

<Check>
  For authentication, the username should be the portion of the email address
  preceding the "@" symbol, rather than the full email address.
</Check>

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.

2. Select the **Splunk** icon. A dialog box with name of the connection and connection methods appear.

3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.

4. Select **Username & Password** as the method to create the connection.

5. Fill in the parameters:

   * The Splunk Domain
   * The Deployment API Port
   * The Splunk Username
   * The Splunk Password

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.

### Using HTTP Event Token

To create the connection you need:

* A Splunk Domain
* An Event Collector API Port
* An HTTP Event Collector Token

### Obtaining the HTTP Event Collector Token

1. In the system bar, click **Settings** > **Add Data**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkSettingsData.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=6c597c9bc64875dc1e6228ff10ede410" alt="splunkSettingsData" width="3452" height="1686" data-path="img/Splunk/splunkSettingsData.png" />

2. Click **Monitor**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkMonitor.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=939cc056f486471a71d9b8dcbb7d42d4" alt="splunkMonitor" width="3418" height="1286" data-path="img/Splunk/splunkMonitor.png" />

3. Click **HTTP Event Collector**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/SplunkHttpToken.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=e8035175141cff238fc6c0226cc93029" alt="SplunkHttpToken" width="2534" height="914" data-path="img/Splunk/SplunkHttpToken.png" />

4. In the **Name** field, enter a name for the token (The remaining attributes are optional) > click **Next**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkFillDetails.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=612026dc984fe7020744b7515782c1c6" alt="splunkFillDetails" width="2530" height="1182" data-path="img/Splunk/splunkFillDetails.png" />

5. \[Optional] Make edits to source type and confirm the index where you want HEC events to be stored. For more information, please refer to the [Splunk documentation](https://docs.splunk.com/Documentation/SplunkCloud/9.0.2209/Data/Modifyinputsettings). Click **Review**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkSourceType.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=8e6304abd7bf907e2c27aa9c4fb0f4c3" alt="splunkSourceType" width="2644" height="1838" data-path="img/Splunk/splunkSourceType.png" />

6. Confirm your settings selections > click **Submit**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkSubmit.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=ff63b552fc16905b412a9da028a393bc" alt="splunkSubmit" width="2996" height="1144" data-path="img/Splunk/splunkSubmit.png" />

7. An **HTTP Event Collector Token** has been created.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkHttpTokenValue.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=54e58653e804632251a9393049cc7397" alt="splunkHttpTokenValue" width="2752" height="1410" data-path="img/Splunk/splunkHttpTokenValue.png" />

### Enable the HTTP Event Collector Token

1. Click **Settings** > **Data Inputs**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkDataInputs.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=3731ecd9d41883f6283a3d447c3f9096" alt="splunkDataInputs" width="3444" height="1449" data-path="img/Splunk/splunkDataInputs.png" />

2. Click **HTTP Event Collector**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkDataInputsHttp.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=0dab51bc9e8a71ee407af5f86af76dac" alt="splunkDataInputsHttp" width="3444" height="1570" data-path="img/Splunk/splunkDataInputsHttp.png" />

3. For Splunk Cloud: In the Actions column for that token, click the Enable link. The token status toggles immediately and the link changes to Enable.

4. For Splunk Enterprise:

   a. Click **Global Settings**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkGlobalSettings.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=3b25e1f37cb4cac0eb557a30422c9d1d" alt="splunkGlobalSettings" width="3446" height="1068" data-path="img/Splunk/splunkGlobalSettings.png" />

   b. Toggle the switch to **Enabled** and adjust the **HTTP Port Number** (default is 8088) > click **Save**.

   <img src="https://mintcdn.com/blinkops-2/mpgGCUqut4o2ZChd/img/Splunk/splunkHttpEnable.png?fit=max&auto=format&n=mpgGCUqut4o2ZChd&q=85&s=ff44c4b79c978157077f1b28a8c21e44" alt="splunkHttpEnable" width="3438" height="1382" data-path="img/Splunk/splunkHttpEnable.png" />

#### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.

2. Select the **Splunk** icon. A dialog box with name of the connection and connection methods appear.

3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.

4. Select **HTTP Event Token** as the method to create the connection.

5. Fill in the parameters:

   * The Splunk Domain
   * The Event Collector API Port
   * The HTTP Event Collector Token

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.
