Splunk (Audits)

Set up Splunk to receive audits.

Set up

1. Visit Admin → Connections and click New connection

Lenses.io Connection

2. Select Splunk

Splunk Connection

3. Provide a name and configuration

You can also optionally add tags (e.g. dev). Then add the Splunk configuration information. See the Splunk documentation for more information about setting up and using the Splunk HTTP Event Collector.

Splunk Connection

Add channel

Next, add one or more target Splunk channels.

1. Visit Admin → (Audits) Channels and click Splunk

Splunk audit channel

2. Set up the configuration options

Splunk audit details

For example, the configuration above creates the Splunk Audit channel, which uses the Splunk connection to move audit information from the lenses-audits source to Splunk.

An example

If, for example, you create a rule to send audits to Splunk, then the moment a new audit entry is added, an HTTP API call is made to the Splunk endpoint.
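The HTTP call described above can be rehearsed offline before a real token is configured. The following is an added example, not Lenses or Splunk code: a local mock of the HTTP Event Collector event endpoint and a client that posts one audit entry to it, showing the token check a receiver performs. The token, the audit fields and the `source`/`sourcetype` values are constructed assumptions; the payload Lenses actually sends is not shown on this page.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "00000000-0000-0000-0000-000000000000"  # constructed placeholder, not a real HEC token

class MockHEC(BaseHTTPRequestHandler):
    """Local stand-in for Splunk's HEC event endpoint (mock, for offline testing)."""
    received = []  # events the mock accepted

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        # HEC authenticates with "Authorization: Splunk <token>"; a bad token gets 403, code 4
        if self.headers.get("Authorization") != f"Splunk {TOKEN}":
            return self._reply(403, {"text": "Invalid token", "code": 4})
        MockHEC.received.append(json.loads(body))
        self._reply(200, {"text": "Success", "code": 0})

    def _reply(self, status, payload):
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args): pass  # keep the demo output quiet

def send_audit(base_url, token, audit):
    """POST one audit entry as a HEC event; returns (HTTP status, parsed JSON reply)."""
    payload = {"event": audit, "source": "lenses-audits", "sourcetype": "_json"}  # assumed fields
    req = urllib.request.Request(base_url + "/services/collector/event",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockHEC)  # port 0: pick any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}"
    audit = {"user": "alice", "action": "ADD", "resource": "connection"}  # constructed entry
    results = send_audit(url, TOKEN, audit), send_audit(url, "wrong-token", audit)
    server.shutdown(); server.server_close()
    return results, MockHEC.received

if __name__ == "__main__": print(demo())
```

The mock listens on plain HTTP on the loopback interface only; a production collector should be reached over HTTPS so the token in the Authorization header is not exposed in transit.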

Additional info

Users with the manage audit log permission can create audit channels.