Splunk Enterprise Security

Connection Requirements

1 - IP

IP address of the Splunk host.

2 - Username

The user name for an account that has read access to the API.

3 - Password

The password for the provided username.

4 - Index Name

Enter the index name.

5 - Hostname Field

The field that holds hostnames in the index given in the Index Name field.

6 - Port

Port number (optional, default: 8089).

7 - Fetch Time

How far back from the current time to fetch data (optional, default: "24h").

8 - Extra Args

Extra arguments to add to the standard query.

9 - Query

Use this field to write a query to run instead of the standard query.

For the query to work, the search method must also be written at the beginning of the query. Example: the query starts with: | search

10 - SSL

Use SSL for the connection (optional, default: Encrypted).

For Fetch Time, if you want to express "1d" in hours, use "24h". To fetch data from 1 week ago, write "1w".

Attention

Please perform a connection test to ensure there is a valid connection to the Splunk host. When the discovery operation has finished, you will be able to see the details on the Assets page.
