Splunk Enterprise Security
Connection Requirements
1 - IP
IP address of the Splunk host.
2 - Username
The user name for an account that has read access to the API.
3 - Password
The password for the provided username.
4 - Index Name
Enter the index name.
5 - Hostname Field
The field that holds the hostnames in the index given above.
6 - Port
Port number (optional, default: 8089).
7 - Fetch Time
How far back from the current time to fetch data (optional, default: "24h").
8 - Extra Args
Extra arguments to add to the standard query.
9 - Query
Use this to write a query other than the standard query.
For the query to work, the search command must be written at the beginning of the query, e.g. the query starts with: | search
10 - SSL
Use SSL for the connection (optional, default: Encrypted).
Note on Fetch Time: instead of "1d", write the value in hours as "24h". To fetch from 1 week ago, write "1w".
Attention
Please perform a connection test to ensure there is a valid connection to the Splunk host. When the discovery operation has finished, you will be able to see the details on the Assets page.
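How the settings above could map onto a Splunk search request, as an added example that is not taken from the connector's own code. The default search string, the function names and the 192.0.2.10 address are assumptions; `/services/search/jobs/export` on the management port is Splunk's REST search endpoint.

```python
import re
from urllib.parse import urlencode

def normalize_fetch_time(value="24h"):
    """Turn a Fetch Time value into a Splunk relative-time modifier."""
    m = re.fullmatch(r"(\d+)([hdw])", value.strip().lower())
    if not m:
        raise ValueError(f"unsupported fetch time: {value!r}")
    n, unit = int(m.group(1)), m.group(2)
    if unit == "d":  # the page asks for days to be written in hours
        n, unit = n * 24, "h"
    return f"-{n}{unit}"

def build_search(index, hostname_field, extra_args="", query=None):
    """Return the custom Query if given, else an assumed standard query."""
    if query:
        q = query.strip()
        if not q.startswith("| search"):
            raise ValueError("custom query must start with '| search'")
        return q
    # Reject anything that could smuggle extra SPL into the name fields.
    for name in (index, hostname_field):
        if not re.fullmatch(r"[A-Za-z0-9_.\-]+", name):
            raise ValueError(f"invalid name: {name!r}")
    base = f"| search index={index} {extra_args}".strip()
    # Assumption: the standard query groups events by the hostname field.
    return f"{base} | stats count by {hostname_field}"

def build_export_request(ip, index, hostname_field, port=8089,
                         fetch_time="24h", extra_args="", query=None,
                         ssl=True):
    """Return (url, form_body) for a POST sent with HTTP basic auth."""
    # With ssl=False the username and password travel in clear text.
    scheme = "https" if ssl else "http"
    url = f"{scheme}://{ip}:{port}/services/search/jobs/export"
    body = urlencode({
        "search": build_search(index, hostname_field, extra_args, query),
        "earliest_time": normalize_fetch_time(fetch_time),
        "latest_time": "now",
        "output_mode": "json",
    })
    return url, body

if __name__ == "__main__":
    # Constructed sample values; 192.0.2.10 is a documentation address.
    print(build_export_request("192.0.2.10", "main", "host", fetch_time="1w"))
```

The account used for the request only needs read access to the API and to the chosen index, so a dedicated low-privilege user is enough.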