Splunk

Prerequisites

  • Port 8089 on the Splunk instance is reachable, either publicly or from approved IPs that include Zetaris

Access Splunk from Zetaris

The Splunk Enterprise REST API gives users access to all functionality available in the software's core system, including the functions used by Splunk Web, which itself uses the API. Through the REST API, users can run searches, create and manage objects, and configure various aspects of Splunk.

Splunk can be accessed from Zetaris in two ways: through the SQL Editor or through the REST API connection interface.

See the Splunk Enterprise documentation for its REST API.
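A preflight check for the prerequisite above, to run from the Zetaris host before building the connection: it confirms that port 8089 is reachable and that the REST API accepts a token over verified TLS. This is an added example, not Zetaris or Splunk code; it assumes token authentication is enabled on the Splunk instance, and the host name, token and sample reply are constructed placeholders.

```python
import json
import socket
import ssl
import urllib.error
import urllib.request

MGMT_PORT = 8089  # port named in the prerequisite

# Constructed sample reply, trimmed to the fields parsed below.
SAMPLE_REPLY = '{"entry": [{"name": "server-info", "content": {"serverName": "splunk-example", "version": "9.0.0"}}]}'


def port_reachable(host, port=MGMT_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_info_request(host, token, port=MGMT_PORT):
    """Build an authenticated GET for the /services/server/info endpoint."""
    url = f"https://{host}:{port}/services/server/info?output_mode=json"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def parse_server_info(body):
    """Extract (serverName, version) from the JSON reply."""
    content = json.loads(body)["entry"][0]["content"]
    return content["serverName"], content["version"]


def preflight(host, token, ca_file=None, timeout=5.0):
    """Check the port first, then confirm the REST API accepts the token."""
    if not port_reachable(host, timeout=timeout):
        return f"{host}:{MGMT_PORT} not reachable: check firewall and IP allow-list"
    ctx = ssl.create_default_context(cafile=ca_file)  # certificate is verified
    try:
        with urllib.request.urlopen(build_info_request(host, token), context=ctx, timeout=timeout) as resp:
            return "REST API reachable: %s (Splunk %s)" % parse_server_info(resp.read())
    except urllib.error.HTTPError as exc:
        return f"port open but REST API returned HTTP {exc.code}: check the token"
    except urllib.error.URLError as exc:
        return f"port open but TLS or connection failed: {exc.reason}"


if __name__ == "__main__":
    print(parse_server_info(SAMPLE_REPLY))
```

If the Splunk certificate is issued by an internal CA, pass that CA bundle as `ca_file` so verification stays enabled.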

Connect via NDP Fabric Builder

Step 1: Click the Data Fabric Builder icon.

Step 2: Under File Sources click the '+' next to Virtual File Source to launch the wizard.

Step 3: Enter a database name for the connection and select 'Create'.

Step 4: Select the '+' icon next to your Splunk connection, then select 'API'.

Step 5: Enter the necessary fields as outlined in the screenshot below, and select 'Next':

 

Step 6: Finalise connection and select 'Create'.