Splunk Enterprise Security

Connection Requirements

1 - IP

IP address of the Splunk.

2 - Username

The user name for an account that has read access to the API.

3 - Password

The Password of the provided username.

4 - Index Name

Enter the index name.

5 - Hostname Field

Hostnames given in the index name field.

6 - Port

Port number (optional, default: 8089).

7 - Fetch Time

The time range you want to see before the current time (optional, Default="24h")

8 - Extra Args

Add extra args to the standard query.

9 - Query

It is used to write a query other than the standard query.
For the query to work, the search method must also be written at the beginning of the query. ex: query starts with: | search

10 - SSL

Use SSL for connection (optional, default: Encrypted).
If you want to use "1d" as hours type, you should use "24h", If requested from 1 week ago, "1w" should be written.
Attention
Please perform a connection test to ensure there is a valid connection to the Splunk host. When the discovery operation finalized you will be able to see the details on Assets page.