Check out the latest on ZigiOps in our Blog!
Ctrlk
Book DemoStart TrialOpen a Ticket

Splunk Enterprise

Connect Splunk Enterprise to ZigiOps. API token generation via HTTP Event Collector, connected system setup, and templates for alert and event synchronization with OBM.

What is Splunk Enterprise Integration in ZigiOps?

Splunk Enterprise is a data analytics and security information and event management (SIEM) platform used for log management, operational intelligence, security monitoring, and infrastructure event analysis across enterprise environments.

ZigiOps enables secure, API-based integration between Splunk Enterprise and ITSM, monitoring, and operations management platforms. Using ZigiOps, Splunk alerts and events can be synchronized with external systems to support automated incident creation and cross-platform security and operations workflows.

With ZigiOps, Splunk Enterprise can:

  • Forward Splunk alerts to operations management platforms such as OBM as structured events

  • Receive infrastructure events from other monitoring platforms for centralized log ingestion

  • Participate in automated incident creation workflows triggered by Splunk search alerts

  • Support bi-directional event flows between SIEM and ITOM or ITSM platforms

The integration is fully customizable and does not require custom scripts or plugins.

Which Splunk Enterprise Versions Are Supported?

Please note that using a supported version is mandatory.

Product
Supported Deployment Types
Supported Versions

Splunk Enterprise

Cloud, Server

7.x (or newer)

Are There Any Environmental Prerequisites for Splunk Enterprise?

Confirm the prerequisites of the corresponding integration template before continuing, as some templates may not require all environmental prerequisites.

How Do I Generate an API Token in Splunk Enterprise?

  1. Log in to your Splunk Enterprise instance.

  2. Navigate to: Settings > Data Inputs

  3. Create an HTTP Event Collector entry.

  4. Click New Token to generate the API token.

Store the token securely. It is required for the ZigiOps connected system configuration.

How Do I Connect Splunk Enterprise to ZigiOps?

Splunk Enterprise - Connected System Configuration

Follow the steps below to add your Splunk Enterprise instance as a connected system.

1

Log into your ZigiOps instance.

2

Navigate to: Connected Systems > Add New System > Splunk

3

Configure the following parameters:

  • URL - Input the URL of your Splunk instance. For example, https://splunk.example.com:8089

  • Username - Input your Splunk username.

  • Password - Input the password for the above user.

  • API Token - Input the API token generated via the HTTP Event Collector.

  • Proxy Settings - Enables the usage of a proxy server.

4

Examine the settings and if they are correct, click the Save button to store the system.

Once saved, Splunk Enterprise becomes available for use in ZigiOps integration templates.

What Are the Most Common Splunk Enterprise Integration Use Cases?

Use Case 1: Splunk Alert Forwarding to OBM

Splunk Enterprise alerts triggered by saved search queries can be forwarded to OBM as structured events via ZigiOps, enabling operations teams to correlate Splunk-detected anomalies with data from other monitoring tools.

Use Case 2: Infrastructure Event Ingestion into Splunk

Events from monitoring platforms such as AppDynamics and SolarWinds can be forwarded into Splunk Enterprise via ZigiOps, enriching the Splunk data set with infrastructure event context for security and operational analytics.

Use Case 3: SIEM-to-ITSM Automated Escalation

Security events detected and alerted by Splunk can be escalated to ITSM platforms through ZigiOps, creating structured incident records for security operations teams to triage and remediate without manual log review.

What Integration Templates Are Available for Splunk Enterprise?

ZigiOps provides the following integration templates for Splunk Enterprise:

  • AppDynamics node metrics to Splunk Enterprise events

  • SolarWinds events to Splunk Enterprise events

  • Splunk Enterprise alerts to OBM events

  • Splunk Enterprise events to OBM events

See the Integration Catalog for all Splunk Enterprise templates.

Templates are documented individually in the Integration Catalog.

Summary

The Splunk Enterprise integration in ZigiOps enables:

  • Secure, API token and username/password-based connectivity

  • Support for Splunk Enterprise 7.x and newer (Cloud and Server)

  • Integration with OBM, AppDynamics, and SolarWinds

  • Alert and event forwarding in both directions

  • HTTP Event Collector-based token authentication

  • Optional proxy configuration

  • Fully customizable synchronization workflows

ZigiOps allows Splunk Enterprise to participate in enterprise-grade SIEM, ITOM, and security automation ecosystems without requiring custom development.

PreviousSolarWindsNextSplunk Observability Cloud (SignalFx)

Last updated

Was this helpful?