1. Download and install the add-on in your Splunk environment, and navigate to the app. Ensure that you have created an index for this data.
  2. From the Configuration screen click ‘Add’ and then choose a name and enter your credentials.
    Note: Credentials can be either a username/password combination OR client_id/client_secret from a connected app. Any credentials provided are stored locally in the Splunk environment and the password is encrypted.
  3. From the Inputs screen click ‘Create New Input’ then choose a name for the input (e.g. applications)
  4. Fill in the form appropriate to your input.When setting the polling interval, choose a value of 60s or greater.
    Note: If you are uncertain of what Org IDs/Env IDs etc are available on your account then you might want to set up the 'Discovery' input first.

 

Posted by:Becky Nielsen

Becky is a certified Splunk Admin, who has been working for iDelta since graduating from CodeClan's Professional Software Development course in 2019. Previously an archivist at several institutions around the UK, she holds an MSc in Information Management and Preservation from the University of Glasgow.