Splunk Integration Setup | Communifire Documentation

Your data is at your fingertips by taking advantage of Axero's REST API options and integrating your on-premise or cloud instance of Splunk to help search, monitor, and examine your Axero data. It can be helpful for ingesting and centralizing logs (e.g., user activity logs). 

How to Setup

1. Open your Splunk account.

2. Click "Find More Apps".

3. Search for and install the Splunk Add-on Builder. (Splunkbase link: https://apps.splunk.com/app/2962/)

4. Once installed, launch the Splunk Add-on Builder and select "New Add-on".

5. Name your add-on as desired, then click "Create".

6. Click "Configure Data Collection".

7. Click "New Input".

8. Select "Modular input using a REST API".

9. Name your source type and input as desired, then click "Next".

10. Enter the appropriate REST URL from our REST API Documentation, then click "Test".

Example request:

GET https://myintranet.communifire.com/api/users/activity?Token=xxxxxxxxxxxx

11. Expand "Event extraction settings" and enter the JSON path to the array in the payload to use for breaking the data into individual events for Splunk. Then click "Finish".

In the example request, this would be $.ResponseData:

12. Go back to your Splunk homepage, navigate to the newly created add-on in your apps, and click "Create New Input".

13. Name your input, select a time interval for the input in seconds, and select the desired index. Then click "Add".

14. Navigate back to the Splunk add-on builder from the homepage and click on the add-on you built.

15. Click "Extracted Fields".

16. Click "Assisted Extraction".

Note if "Assisted Extraction" is greyed out, make sure you completed steps 12-13 before starting steps 14-15. 

17. Select "JSON".

18. Click "Save".

You have now configured your Axero API data for Splunk! Take control of extensive data with deeper visibility by connecting your Splunk account to Axero.