
Splunk

You can integrate Kisi with Splunk to analyze access events by sending them to Splunk Cloud. The data is sent through a webhook integration via Zapier.

Create the Splunk token

  1. Sign in to your Splunk account
  2. Under Settings > Data inputs, create a new HTTP Event Collector
  3. Define a name (e.g. Kisi), then click Next
  4. In the Input Settings section, under Index, choose the default index where the Kisi data should appear
  5. Click Review. You'll see a Token has been created successfully message.

Set up the Zapier trigger

  1. Sign in to Zapier
  2. Click on Make a Zap and choose Webhooks by Zapier as the trigger
  3. Select Catch Hook as the trigger event
  4. Click Continue
  5. Next, you'll see a Custom Webhook URL. Copy it, leave the window open, and navigate to Kisi.

Create the Kisi Webhook integration

  1. Sign in to Kisi
  2. Navigate to Organization Setup
  3. Click on Integrations > Add Integration
  4. Define the name of your integration
  5. From the Type dropdown choose Event Webhook
  6. In the URL field enter the Custom Webhook URL copied from Zapier
  7. Click Save

Set up the Zapier action

  1. Return to Zapier and click Continue
  2. Under Test trigger you can verify if it can read any recent Kisi events
  3. Click Continue
  4. Choose Webhooks by Zapier
  5. Set Action Event to Custom Request
  6. Click Continue
  7. Under Set up action, choose POST as the Method
  8. Under URL enter the collector URL for your Splunk Cloud instance, for example https://<instancename>.splunkcloud.com:8088/services/collector/raw
  9. Enable Data Pass-Through
  10. Under Headers, define an Authorization header by entering the Splunk token you created above
  11. Click Continue
  12. Test the Zap or turn it on

New events in Kisi will trigger a webhook, which will then post to Splunk. You can verify this in Splunk by searching the index configured for Kisi events.
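
To check the collector URL and token before turning the Zap on, you can build the same POST request outside Zapier. The script below is an added example, not part of the Kisi or Splunk documentation: it rejects a non-HTTPS collector URL or a malformed token and sets the header in the `Authorization: Splunk <token>` form that the HTTP Event Collector expects. The host name, token, event fields and function names are constructed placeholders, and the GUID check assumes a token generated by Splunk.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: the token was generated by Splunk, which issues GUIDs (8-4-4-4-12 hex digits).
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def build_hec_request(collector_url, token, event):
    """Build the POST that the Zapier Custom Request action sends to Splunk."""
    parts = urlsplit(collector_url)
    if parts.scheme != "https":
        raise ValueError("collector URL must use https so the token is not sent in clear text")
    if not parts.path.rstrip("/").endswith("/services/collector/raw"):
        raise ValueError("expected the raw collector endpoint /services/collector/raw")
    token = token.strip()
    if token.lower().startswith("splunk "):
        token = token[7:].strip()  # accept a value pasted as 'Splunk <token>'
    if not TOKEN_RE.match(token):
        raise ValueError("token does not look like an HEC token (GUID)")
    return urllib.request.Request(
        collector_url,
        data=json.dumps(event).encode("utf-8"),
        method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
    )

def send(req, timeout=10):
    """Send the request; HEC answers {"text": "Success", "code": 0} on success."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))

# Constructed sample values: placeholder host, token and event, not real Kisi output.
SAMPLE_URL = "https://example-instance.splunkcloud.com:8088/services/collector/raw"
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"
SAMPLE_EVENT = {"action": "unlock", "object_type": "Lock", "success": True}

if __name__ == "__main__":
    req = build_hec_request(SAMPLE_URL, SAMPLE_TOKEN, SAMPLE_EVENT)
    print(req.get_method(), req.full_url)
    print("Authorization:", req.get_header("Authorization")[:11] + "...")
    # send(req)  # uncomment after replacing the placeholders with your own values
```

A `Success` response from `send` followed by the test event appearing in the chosen index confirms the token and URL independently of Zapier.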