Connecting Splunk
Last updated: October 8, 2024
After this article...
You'll be able to connect the Splunk integration to Lumos and resolve common issues that arise when connecting.
Required plan & roles
There's no minimum plan required to connect the Splunk integration.
Your Splunk user's role must have permission to create an HTTP Event Collector (HEC) token. Lumos uses that token to send its events to your Splunk instance, so it is the only Splunk credential the integration needs.
Instructions
In Splunk
1. Follow Splunk's documentation to create a new HTTP Event Collector token. Set the name to Lumos. Copy the token value Splunk shows you so you can paste it into Lumos, and treat it as a secret: anyone holding it can write events into your Splunk instance, so don't leave it in chat, email, or a shared document once it is in Lumos.
2. Get the host name from your Splunk URL. The host value is the first label of the hostname in the URL you log in to Splunk with, not the full URL. So if your Splunk URL is https://prod1920.splunkcloud.com/, your host value is prod1920.
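Before entering these values in Lumos, you can check them from a shell. The script below is an added example and is not part of this article, Lumos, or Splunk: it derives the host value from a pasted Splunk URL the way step 2 describes (handling a port, a path, a query string, and a missing scheme) and, optionally, sends one test event with the token to confirm that the token is valid and enabled. The endpoint https://http-inputs-<host>.splunkcloud.com:443/services/collector/event is an assumption for Splunk Cloud stacks; pass your stack's HEC URL as the third argument if yours differs.

```shell
#!/bin/sh
# Added example: not Lumos or Splunk code. Derives the Lumos "Host" value from
# a Splunk URL and optionally smoke-tests a HEC token before it goes into Lumos.

# Print the first DNS label of the hostname in a Splunk URL, e.g.
# https://prod1920.splunkcloud.com:8000/en-US/app/launcher/home -> prod1920
# Accepts a bare hostname too, so pasting either form gives the same answer.
splunk_host_from_url() {
  url=$1
  hostport=${url#*://}          # drop "https://" if present
  hostport=${hostport%%/*}      # drop any path
  hostport=${hostport%%[?]*}    # drop a query string that has no path before it
  host=${hostport%%:*}          # drop a port such as :8000
  printf '%s\n' "${host%%.*}"   # the first label is the Lumos host value
}

# Send one test event with the token. HTTP 200 and {"text":"Success","code":0}
# means the token is valid and enabled; HTTP 403 with "Invalid token" means a
# typo or a disabled token. The default URL is an ASSUMPTION for Splunk Cloud
# stacks; pass your stack's HEC endpoint as $3 if it differs.
hec_smoke_test() {
  host=$1
  token=$2
  hec_url=${3:-"https://http-inputs-${host}.splunkcloud.com:443/services/collector/event"}
  curl -sS -w '\nHTTP %{http_code}\n' -X POST "$hec_url" \
    -H "Authorization: Splunk ${token}" \
    -d '{"event":"lumos hec smoke test","sourcetype":"lumos:test"}'
}

# Stand-alone demo on constructed URLs; needs no network access.
for u in 'https://prod1920.splunkcloud.com/' \
         'https://prod1920.splunkcloud.com:8000/en-US/app/launcher/home' \
         'prod1920.splunkcloud.com'; do
  printf '%-62s -> %s\n' "$u" "$(splunk_host_from_url "$u")"
done

# Optional live check: SPLUNK_HEC_TOKEN=<token> sh splunk_check.sh <splunk url>
# The token is read from the environment rather than typed as an argument so
# it does not end up in shell history.
if [ -n "${SPLUNK_HEC_TOKEN:-}" ] && [ -n "${1:-}" ]; then
  hec_smoke_test "$(splunk_host_from_url "$1")" "$SPLUNK_HEC_TOKEN"
fi
```

The live check writes one event into the token's default index, so run it once rather than in a loop. A 403 with {"text":"Invalid token","code":4} is the response you get when the token was mistyped or is disabled in Splunk; a connection failure usually means the HEC URL assumed above does not match your stack.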
In Lumos
1. Find the Splunk card in your Lumos integrations (Reconnect or add new)
2. Enter the host value from Splunk (for example prod1920, not the full URL) in the Host field.
3. Paste the HEC token from Splunk in the Token field.
4. Click Connect Splunk to connect the integration.
5. To enable SIEM logging on this connection, go to your SIEM settings and select Splunk from the dropdown.