Splunk

Use the Splunk integration to search and retrieve data needed for incident enrichment.

Overview

Integrate Splunk Cloud in your workflows. This integration will help you find a way to automatically retrieve data and enable Splunk in your automation workflows.

Use Cases

The integration between Fylamynt and Splunk lets you:

  • Ability to retrieve data from Splunk based on a query described in SPL.

  • Connect the data to other workflow steps involving third-party integrations.

Configure Splunk in Fylamynt

  • Navigate to Settings > Integrations > Splunk

  • Configure a new integration instance

Details needed to set up Splunk instance in Fylamynt:

Parameter

Description

Required

Access Token

Token used to access the Splunk instance

True

Splunk URL

URL of the Splunk instance

True

Follow the steps below to integrate your Splunk instance with Fylamynt:

  1. Enter the URL to your Splunk Cloud instance in Splunk URL field in Fylamynt. This should be in the format <yoursubdomain>.splunkcloud.com. Please do not add https:// or http:// at the beginning.

  2. Generate an access token by following the instruction in https://docs.splunk.com/Documentation/SplunkCloud/8.1.2012/Security/CreateAuthTokens. Enter the access token in Access Token field.

  3. Click Authorize button to complete integration.

Integration Actions

You can add these actions in the Fylamynt workflow builder, as part of your workflow.

Input

Parameter

Description

Required

alias

The target account for the run

True

query

Splunk query string to be executed during the run

True

s3_bucket

Name of the S3 bucket where the entire query result can be written

False

Output

Parameter

Type

Description

result

String

String representation of a JSON payload consisting of the query result.

is_result_truncated

Boolean

indicates whether the result is truncated or not. The “result” can have size up to 100kb. The entire result can be written to a S3 bucket provided by the input parameter “s3_bucket”.

s3_bucket

String

Name of the S3 bucket where the result was written.

result_bucket_key

String

The S3 bucket key where the result was written.

Action Example

  • Drag and drop the Splunk Search Action node onto the Workflow Editor Canvas

  • Select the Action node

  • Enter the Query

  • Optionally, select the AWS Target Account Alias and S3 bucket name for query output destination

Last updated