Environment
- App Control Server: All Supported Versions
- Splunk Enterprise: Versions 5.0 - 7.3
Objective
This article describes how to integrate the Splunk analytics with App Control.
Resolution
- Login to the Console and navigate to the gear icon > System Configuration > External Analytics > Edit.
- In the General section:
- Check the box to Enable Export.
- Specify the Export Directory (should be a local drive on the application server) & click Test.
- Determine whether File Catalog, File Operations or Events will be included.
- Determine whether a Limit will be enforced on the Export Directory.
- Specify the Splunk web server in the Root URL field.
- The defaults for each of the Analytics Server Reports can be filled in using the button, "Set Analytics URLs to Splunk Defaults".
- Click Update to save the settings.
Note: To configure the Splunk Server for integration with the App Control server, please review the following article from
Splunk.
Additional Notes
- Currently the External Analytics feature only supports Splunk Enterprise through version 7.3.
- Integrating App Control with a newer version of Splunk will require exporting the Events using the SYSLOG option as outlined here.
- Further information can be found in the Server Documentation > Supported Integrations section of the App Control documentation.
Related Content
