
Integrate Kisi with Splunk

You can integrate Kisi with Splunk to analyze access events by sending them to Splunk Cloud.


This is a Kisi-built integration, maintained and supported by Kisi.

Create the Splunk token

  1. Sign in to your Splunk account
  2. Navigate to Settings > Data inputs
  3. Click on HTTP Event Collector
    • If you see a warning sign beside the Global Settings button at the top right corner: click the Global Settings button > enable the All Tokens option > click Save
  4. Click on New token
  5. Enter the name of the token (e.g. Kisi). Leave the rest of the options with the default values.
  6. Click Next
  7. In the Input Settings, select your desired index under Select Allowed Indexes
  8. Click Review
  9. Click Submit
  10. Copy the token value. Alternatively, you can view the token value you created by going to Settings > Data inputs > HTTP Event Collector

Set up the integration in Kisi

  1. Sign in to Kisi with your admin user
  2. Open the Settings and click on Integrations
  3. Click on Add integration
  4. Provide a name for your integration (e.g. Splunk)
  5. Open the Type dropdown and select Splunk
  6. Click on Add
  7. Under Splunk configuration, enter the token value you obtained before
  8. Under URL, enter the URL of your Splunk instance (e.g. https://hec.example.com:8088)
  9. Click Save
  10. Select the desired event(s) you wish to monitor in Splunk
  11. Click Save
  12. Click Save and Return
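
To confirm that the token and URL accept events independently of Kisi, the following added example (not part of Kisi's or Splunk's own documentation) sends one test event to the HTTP Event Collector and maps the reply code to the setup step to revisit. The function names, the HEC_URL and HEC_TOKEN variables and the sample event are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a Splunk HEC token and URL outside Kisi.
# Function names, variables and the sample event are illustrative assumptions.

# Build the HEC event endpoint from the base URL entered in Kisi; refuse plain
# HTTP so the token is never sent unencrypted.
hec_event_url() {
  case "$1" in
    https://*) printf '%s/services/collector/event\n' "${1%/}" ;;
    *) echo "URL must start with https://" >&2; return 1 ;;
  esac
}

# Map the "code" field of a HEC JSON reply to the setup step to revisit.
hec_diagnose() {
  code=$(printf '%s' "$1" | sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "$code" in
    0) echo "ok" ;;
    1) echo "token disabled: enable it under HTTP Event Collector" ;;
    2|3|4) echo "token rejected: re-copy the token value from HTTP Event Collector" ;;
    7) echo "index not allowed: check Select Allowed Indexes for this token" ;;
    "") echo "no HEC reply: check URL and port, and that All Tokens is enabled" ;;
    *) echo "HEC error code $code" ;;
  esac
}

# Send one clearly labelled test event and diagnose the reply.
# The Authorization header is passed on stdin (-H @-) so the token does not
# appear in the process list.
hec_send_test() {  # usage: hec_send_test <base-url> <token>
  url=$(hec_event_url "$1") || return 1
  reply=$(printf 'Authorization: Splunk %s\n' "$2" |
    curl --silent --show-error --max-time 10 -H @- \
      -d '{"event": "HEC connectivity test (constructed sample)", "sourcetype": "_json"}' \
      "$url") || reply=""
  hec_diagnose "$reply"
}

# Runs only when both variables are set, e.g.
#   HEC_URL=https://hec.example.com:8088 HEC_TOKEN=<token> bash hec_check.sh
if [ -n "${HEC_URL:-}" ] && [ -n "${HEC_TOKEN:-}" ]; then
  hec_send_test "$HEC_URL" "$HEC_TOKEN"
fi
```

A result of "ok" means the test event was written to the token's default index, where it can be searched for by its text.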