Integrate Kisi with Splunk
You can integrate Kisi with Splunk to analyze access events by sending them to the Splunk Cloud.
info
This is a webhook integration based on Kisi events.
Create the Splunk token
- Sign in to your Splunk account
- Under Settings > Data inputs, create a new HTTP Event Collector
- Define a name (e.g. Kisi), then click Next
- In the Input Settings section, under Index, choose the default index where the Kisi data should appear
- Click Review. You'll see a Token has been created successfully message.
Set up the Zapier trigger
- Sign in to Zapier
- Click on Make a Zap and choose Webhooks by Zapier as the trigger
- Select Catch Hook as the trigger event
- Click Continue
- Next, you'll see a Custom Webhook URL. Copy it, leave the window open, and navigate to Kisi.
Create the Kisi Webhook integration
- Sign in to Kisi
- Navigate to Organization Setup
- Click on Integrations > Add Integration
- Define the name of your integration
- From the Type dropdown choose Event Webhook
- In the URL field enter the Custom Webhook URL copied from Zapier
- Click Save
Set up Zapier Action
- Return to Zapier and click Continue
- Under Test trigger you can verify if it can read any recent Kisi events
- Click Continue
- Choose Webhooks by Zapier
- Set Action Event to Custom Request
- Click Continue
- Under Set up action, choose
POST
as the Method - Under URL enter the collector URL for your Splunk Cloud instance, for example
https://<instancename>.splunkcloud.com:8088/services/collector/raw
- Enable Data Pass-Through
- Under Headers define the an Authorization header by entering the Splunk token you created above
- Click Continue
- Test the Zap or turn it on
New events in Kisi will trigger the a webhook, which will then post to Splunk. You can verify this in Splunk by searching the index configured for Kisi events.