Splunk integration

This integration ingests Splunk alerts and maps them to Moogsoft Cloud events automatically.

This integration was validated with Splunk Enterprise version 8.2.4 on January 14, 2022.

Create a new integration in Moogsoft Cloud

  1. Log in to your Moogsoft Cloud instance.

  2. Choose Data Config > Ingestion Services > Splunk.

  3. Click Add New Integration.

The new integration includes a custom endpoint, a set of default mappings to convert Splunk payloads to Moogsoft Cloud events, and a deduplication key to group similar events into alerts.

(Optional) Once your endpoint starts receiving data from Splunk, you can customize how the integration maps and deduplicates this data. For more information, see Map External Data to the Moogsoft Cloud Schema and Test your Deduplication Key under Define a custom integration.
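The following added example (not Moogsoft or Splunk code) shows how a field mapping and a deduplication key turn several alert payloads into fewer alerts, and why a payload that is missing a key field should be rejected rather than merged. The payload shape, the mapping, the key fields `source` and `check`, and the bookkeeping names `event_count`, `first_time` and `last_time` are assumptions for illustration, not the integration's default mappings.

```python
# Illustrative only: mapping and dedup fields are assumptions, not the integration's defaults.
MAPPING = {  # event field <- path inside the incoming Splunk payload
    "source": ("result", "host"),
    "check": ("search_name",),
    "time": ("result", "_time"),
}
DEDUP_FIELDS = ("source", "check")  # assumed deduplication key


def _get(payload, path):
    """Walk a nested payload; return None if any step is missing."""
    cur = payload
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def map_alert(payload):
    """Convert one Splunk alert payload into an event dict."""
    event = {field: _get(payload, path) for field, path in MAPPING.items()}
    missing = [f for f in DEDUP_FIELDS if not event[f]]
    if missing:
        # An empty key field would merge unrelated events into one alert.
        raise ValueError(f"payload lacks dedup field(s): {missing}")
    event["time"] = int(float(event["time"] or 0))
    event["description"] = f"{event['check']} on {event['source']}"
    return event


def deduplicate(payloads):
    """Group events that share the deduplication key into alerts."""
    alerts = {}
    for payload in payloads:
        event = map_alert(payload)
        key = tuple(event[f] for f in DEDUP_FIELDS)
        alert = alerts.setdefault(
            key, {**event, "event_count": 0, "first_time": event["time"]})
        alert["event_count"] += 1
        alert["last_time"] = event["time"]
    return alerts


SAMPLE = [  # constructed payloads
    {"sid": "s1", "search_name": "High CPU", "result": {"host": "web01", "_time": "1642160400"}},
    {"sid": "s2", "search_name": "High CPU", "result": {"host": "web01", "_time": "1642160460"}},
    {"sid": "s3", "search_name": "High CPU", "result": {"host": "web02", "_time": "1642160465"}},
]
```

With the constructed sample, three payloads produce two alerts: the two `web01` events share a key and are counted together, while `web02` stays separate.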

Configure your Splunk instance