Cloud

Connect Splunk

Reads Splunk server info, saved-search/alert summaries, fired-alert summaries, and optional index counts without exporting raw events.

What you'll need

A Splunk management API URL, usually port 8089, and a bearer token with read access to server info, saved searches, fired alerts, and indexes.

Credential

Splunk bearer token

Requested scopes

server info read, saved searches read, alerts read, indexes read

Powers

Cloud Health, Security Readiness

What it pulls

Server info validation, one bounded page of saved searches, one bounded page of fired alerts, and optional index counts. Raw search results and event bodies are never requested.

What you’ll enter

The exact fields the connect form asks for — and where to find each value.

Splunk management URL
Your Splunk management API root, usually port 8089.
Bearer token
Create a token with read access to server info, saved searches, fired alerts, and indexes. No search/event export permission is required.

Step-by-step setup

  1. 1

    Enter the management URL

    Use the Splunk management API root, usually https://your-splunk-host:8089.

  2. 2

    Create a read token

    Grant read access for server info, saved searches, fired alerts, and indexes. Raw event export is not needed.

  3. 3

    Connect

    Paste the URL and token, then click Connect. We validate server info and sync only aggregate alert/search health signals.

Create a Splunk token → Connect in the app

Read-only adapter implemented with mocked-fetch coverage; alert/index endpoints are optional and omitted when unavailable.