Splunk integration

This integration ingests Splunk alerts and maps them to Moogsoft events automatically.

This integration was validated with Splunk Enterprise versions 8.2, 8.1, and 8.0 on September 9, 2021.

Create a new integration in Moogsoft

  1. Log in to your Moogsoft instance.

  2. Choose Data Config > Ingestion Services > Splunk.

  3. Click Add New Integration.

The new integration includes a custom endpoint, a set of default mappings to convert Splunk payloads to Moogsoft events, and a deduplication key to group similar events into alerts. You can customize how the integration maps and deduplicates your Splunk data, but this is an advanced feature.
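
To show how a mapping and a deduplication key interact, here is an added Python sketch; it is not Moogsoft's code and does not reproduce its default mappings. The payload keys `sid`, `search_name` and `result` follow Splunk's webhook alert action, while the event field names, the mapping, and the choice of key fields are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed Splunk webhook payloads: the keys follow Splunk's webhook alert
# action (sid, search_name, result); every value is made up for this example.
SAMPLE_PAYLOADS = [
    {"sid": "rt_1001", "search_name": "Failed SSH logins",
     "result": {"host": "web01", "severity": "major", "count": "14"}},
    {"sid": "rt_1002", "search_name": "Failed SSH logins",
     "result": {"host": "web01", "severity": "major", "count": "31"}},
    {"sid": "rt_1003", "search_name": "Failed SSH logins",
     "result": {"host": "db02", "severity": "major", "count": "9"}},
    {"sid": "rt_1004", "search_name": "Disk usage high",
     "result": {"host": "web01"}},  # no severity in the result
]

# Assumed mapping (event field -> path into the payload), not Moogsoft's defaults.
MAPPING = {
    "source": ("result", "host"),
    "check": ("search_name",),
    "severity": ("result", "severity"),
    "search_id": ("sid",),
}

def to_event(payload, mapping=MAPPING):
    """Apply the mapping; a path that is absent yields None instead of raising."""
    event = {}
    for field, path in mapping.items():
        value = payload
        for key in path:
            value = value.get(key) if isinstance(value, dict) else None
        event[field] = value
    return event

def dedupe_key(event, fields):
    """Hash the chosen fields; events with equal keys belong to the same alert."""
    joined = "\x1f".join(str(event.get(f)) for f in fields)
    return hashlib.sha256(joined.encode()).hexdigest()[:16]

def group_alerts(payloads, fields=("source", "check")):
    """Return {dedupe_key: [events]}, one entry per resulting alert."""
    alerts = defaultdict(list)
    for payload in payloads:
        event = to_event(payload)
        alerts[dedupe_key(event, fields)].append(event)
    return dict(alerts)
```

A key that includes a per-run value such as the search ID never groups anything, while a key built from the check name alone merges alerts from different hosts into one.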

Configure your Splunk instance