# Splunk Enterprise

### What is Splunk Enterprise Integration in ZigiOps?

Splunk Enterprise is a data analytics and security information and event management (SIEM) platform used for log management, operational intelligence, security monitoring, and infrastructure event analysis across enterprise environments.

ZigiOps enables secure, API-based integration between Splunk Enterprise and ITSM, monitoring, and operations management platforms. Using ZigiOps, Splunk alerts and events can be synchronized with external systems to support automated incident creation and cross-platform security and operations workflows.

With ZigiOps, Splunk Enterprise can:

* Forward Splunk alerts to operations management platforms such as OBM as structured events
* Receive infrastructure events from other monitoring platforms for centralized log ingestion
* Participate in automated incident creation workflows triggered by Splunk search alerts
* Support bi-directional event flows between SIEM and ITOM or ITSM platforms

The integration is fully customizable and does not require custom scripts or plugins.

### Which Splunk Enterprise Versions Are Supported?

{% hint style="info" %}
Please note that using a supported version is mandatory.
{% endhint %}

| Product           | Supported Deployment Types | Supported Versions |
| ----------------- | -------------------------- | ------------------ |
| Splunk Enterprise | Cloud, Server              | 7.x (or newer)     |

### Are There Any Environmental Prerequisites for Splunk Enterprise?

{% hint style="info" %}
Confirm the prerequisites of the corresponding integration template before continuing, as some templates may not require all environmental prerequisites.
{% endhint %}

#### How Do I Generate an API Token in Splunk Enterprise?

The API token ZigiOps uses is an HTTP Event Collector (HEC) token. HEC tokens only authorize event ingestion; they do not grant REST API or search access, so a dedicated token for ZigiOps is the right scope.

1. Log in to your Splunk Enterprise instance with a role that can manage data inputs (for example, admin).
2. Navigate to: **Settings > Data Inputs > HTTP Event Collector**
3. Click **Global Settings** and confirm that **All Tokens** is **Enabled**. On a new Splunk Enterprise installation HEC is disabled by default, and its listener (port 8088 by default, separate from the 8089 management port) only accepts events once it is enabled.
4. Click **New Token**, give it a name, and optionally restrict it to a dedicated index for ZigiOps events.
5. Copy the generated token value. This is the **API Token** entered in the connected system configuration.

{% hint style="warning" %}
Store the token securely and treat it as a credential: anyone who holds it can write events into the index it is scoped to. It is required for the ZigiOps connected system configuration.
{% endhint %}

### How Do I Connect Splunk Enterprise to ZigiOps?

#### Splunk Enterprise - Connected System Configuration

Follow the steps below to add your Splunk Enterprise instance as a connected system.

{% stepper %}
{% step %}
Log into your ZigiOps instance.
{% endstep %}

{% step %}
Navigate to: **Connected Systems > Add New System > Splunk**
{% endstep %}

{% step %}
Configure the following parameters:

* **URL** - Input the URL of your Splunk instance, including the management (REST API) port, which is 8089 by default. For example, `https://splunk.example.com:8089`. Use `https` so that the credentials below are not sent in clear text.
* **Username** - Input your Splunk username. A dedicated service account with only the capabilities the templates need is preferable to an admin user.
* **Password** - Input the password for the above user.
* **API Token** - Input the HTTP Event Collector token generated above.
* **Proxy Settings** - Enables the usage of a proxy server for connections from ZigiOps to Splunk.
{% endstep %}

{% step %}
Examine the settings and if they are correct, click the **Save** button to store the system.
{% endstep %}
{% endstepper %}

Once saved, Splunk Enterprise becomes available for use in ZigiOps integration templates.
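The token procedure and the connected system form above carry two different credentials for two different Splunk listeners: the username/password is used against the REST API on the management port in the URL, while the HEC token is only valid on the HTTP Event Collector listener. The following Python pre-flight check is an added example, not ZigiOps or Splunk code; it exercises both before the system is saved. It assumes HEC listens on the same host as the REST API on Splunk's default port 8088, that the `/services/server/info` REST endpoint and the `/services/collector/event` HEC endpoint are reachable from where the script runs, and that the host, account and token values in the `__main__` block are placeholders.

```python
"""Pre-flight check for a ZigiOps <-> Splunk Enterprise connected system (added example).

Two credentials, two listeners:
  * Username/Password -> REST API on the management port (8089 by default)
  * API Token (HEC)   -> HTTP Event Collector (8088 by default, assumed same host)
"""
import base64
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Subset of Splunk's documented HEC reply codes. Only code 0 means the event was accepted.
HEC_CODES = {
    0: "Success",
    1: "Token disabled",
    2: "Token is required",
    3: "Invalid authorization",
    4: "Invalid token",
    5: "No data",
    6: "Invalid data format",
    7: "Incorrect index",
    17: "HEC is disabled",
}


def basic_auth_header(username, password):
    """RFC 7617 Basic credential; only ever send it over https."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def hec_url(mgmt_url, hec_port=8088):
    """Derive the HEC event endpoint from the management URL (assumption: same host, hec_port)."""
    parts = urlsplit(mgmt_url)
    host = parts.hostname
    if ":" in host:  # urlsplit strips the brackets from IPv6 literals; put them back
        host = f"[{host}]"
    return urlunsplit((parts.scheme, f"{host}:{hec_port}", "/services/collector/event", "", ""))


def rest_request(mgmt_url, username, password, path="/services/server/info"):
    """GET a REST endpoint with the Username/Password from the connected system."""
    req = urllib.request.Request(mgmt_url.rstrip("/") + path + "?output_mode=json")
    req.add_header("Authorization", basic_auth_header(username, password))
    return req


def hec_request(mgmt_url, hec_token, event, sourcetype="zigiops:test"):
    """POST one event with the API Token. HEC expects 'Splunk <token>', not Basic auth."""
    body = json.dumps({"event": event, "sourcetype": sourcetype}).encode("utf-8")
    req = urllib.request.Request(hec_url(mgmt_url), data=body, method="POST")
    req.add_header("Authorization", "Splunk " + hec_token)
    req.add_header("Content-Type", "application/json")
    return req


def parse_hec_reply(body):
    """Map HEC's JSON reply to (accepted, reason). HEC sends the same JSON shape on 4xx."""
    reply = json.loads(body)
    code = reply.get("code")
    return code == 0, HEC_CODES.get(code, reply.get("text", "unknown reply"))


def check_connected_system(mgmt_url, username, password, hec_token, ctx=None, timeout=10):
    """Live check (needs network). Returns {"rest": (ok, detail), "hec": (ok, detail)}."""
    ctx = ctx or ssl.create_default_context()  # verifies Splunk's certificate; keep it that way
    results = {}
    try:
        with urllib.request.urlopen(rest_request(mgmt_url, username, password),
                                    context=ctx, timeout=timeout) as r:
            info = json.loads(r.read())["entry"][0]["content"]
            results["rest"] = (True, f"Splunk {info['version']} ({info['serverName']})")
    except urllib.error.HTTPError as e:
        results["rest"] = (False, f"HTTP {e.code}: check Username/Password")
    try:
        with urllib.request.urlopen(hec_request(mgmt_url, hec_token, {"check": "zigiops"}),
                                    context=ctx, timeout=timeout) as r:
            results["hec"] = parse_hec_reply(r.read())
    except urllib.error.HTTPError as e:
        try:
            results["hec"] = parse_hec_reply(e.read())  # e.g. 403 {"text":"Invalid token","code":4}
        except ValueError:  # non-JSON body: the port is not serving HEC
            results["hec"] = (False, f"HTTP {e.code}: {hec_url(mgmt_url)} is not a HEC listener")
    return results


if __name__ == "__main__":
    # Placeholder values; replace with the ones entered in the connected system.
    checks = check_connected_system("https://splunk.example.com:8089", "svc-zigiops",
                                    "change-me", "00000000-0000-0000-0000-000000000000")
    for name, (ok, detail) in checks.items():
        print(f"{name:4s} {'OK  ' if ok else 'FAIL'} {detail}")
```

Run it from the ZigiOps host (or through the same proxy) so the check sees the same network path the integration will use. A `FAIL` on `rest` with HTTP 401 points at the Username/Password; a `FAIL` on `hec` with reply code 4 or 17 points at the token or at HEC not being enabled in Global Settings.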

### What Are the Most Common Splunk Enterprise Integration Use Cases?

#### Use Case 1: Splunk Alert Forwarding to OBM

Splunk Enterprise alerts triggered by saved search queries can be forwarded to OBM as structured events via ZigiOps, enabling operations teams to correlate Splunk-detected anomalies with data from other monitoring tools.
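What such an alert looks like on the Splunk side, and the two details a forwarder has to get right (a stable de-duplication key and a high-water mark so restarts do not replay history), is shown by the added Python example below. It is not ZigiOps or OBM code: it normalizes entries from Splunk's `GET /services/alerts/fired_alerts/<savedsearch>?output_mode=json` REST endpoint, which lists each time a scheduled saved search triggered. The sample reply is constructed, and the output field names (`key`, `title`, `severity`, ...) are an illustrative schema, not the structure of an OBM event.

```python
"""Normalize Splunk fired alerts into de-duplicated structured events (added example)."""
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

# Splunk alert.severity values: 1 Debug, 2 Info, 3 Warn, 4 Error, 5 Severe, 6 Fatal.
SEVERITY_NAMES = {1: "debug", 2: "info", 3: "warn", 4: "error", 5: "severe", 6: "fatal"}

# Constructed sample of the fired_alerts REST reply; only the content fields used below are kept.
SAMPLE_FIRED_ALERTS = json.dumps({
    "entry": [
        {
            "name": "scheduler__svc_zigiops__search__RMD5a1b2c3d4e5f60718_at_1700000000_17",
            "content": {
                "savedsearch_name": "SOC - Brute force logins",
                "sid": "scheduler__svc_zigiops__search__RMD5a1b2c3d4e5f60718_at_1700000000_17",
                "severity": 5,
                "trigger_time": 1700000000,
                "triggered_alerts": 12,
                "alert_type": "number of events",
            },
        },
        {
            "name": "scheduler__svc_zigiops__search__RMD5a1b2c3d4e5f60718_at_1700000600_23",
            "content": {
                "savedsearch_name": "SOC - Brute force logins",
                "sid": "scheduler__svc_zigiops__search__RMD5a1b2c3d4e5f60718_at_1700000600_23",
                "severity": 3,
                "trigger_time": 1700000600,
                "triggered_alerts": 1,
                "alert_type": "number of events",
            },
        },
    ]
})


def normalize(entry):
    """One fired-alert entry -> one structured event. The sid is unique per trigger."""
    c = entry["content"]
    sev = int(c.get("severity", 3))
    return {
        "key": c["sid"],
        "title": c["savedsearch_name"],
        "severity": SEVERITY_NAMES.get(sev, "unknown"),
        "time": datetime.fromtimestamp(int(c["trigger_time"]), tz=timezone.utc).isoformat(),
        "count": int(c.get("triggered_alerts", 0)),
        "alert_type": c.get("alert_type", ""),
        "source": "splunk",
    }


def new_events(body, seen, since=0):
    """Return (events, high_water_mark) for triggers not forwarded yet.

    `seen` holds sids already forwarded (persist it between polls); `since` is the
    previous high-water mark so a restart does not replay the whole history. Both are
    needed: a time filter alone would duplicate alerts that fire within the same second.
    """
    events, latest = [], since
    for entry in json.loads(body)["entry"]:
        t = int(entry["content"]["trigger_time"])
        ev = normalize(entry)
        if t < since or ev["key"] in seen:
            continue
        seen.add(ev["key"])
        latest = max(latest, t)
        events.append(ev)
    return events, latest


def fetch_fired_alerts(mgmt_url, auth_header, savedsearch_name, timeout=10):
    """Live fetch (needs network). count=0 returns every instance instead of the first 30."""
    url = (f"{mgmt_url.rstrip('/')}/services/alerts/fired_alerts/"
           f"{urllib.parse.quote(savedsearch_name, safe='')}?output_mode=json&count=0")
    req = urllib.request.Request(url, headers={"Authorization": auth_header})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return r.read()


if __name__ == "__main__":
    forwarded = set()
    events, mark = new_events(SAMPLE_FIRED_ALERTS, forwarded)
    print(json.dumps(events, indent=2))
    print("high-water mark:", mark)
```

`fetch_fired_alerts` takes the same `Basic` header the REST API accepts for the connected system's username/password; feed its reply to `new_events` on each poll, and persist both `seen` and the returned high-water mark so that the forwarder survives a restart without re-opening incidents for alerts it already sent.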

#### Use Case 2: Infrastructure Event Ingestion into Splunk

Events from monitoring platforms such as AppDynamics and SolarWinds can be forwarded into Splunk Enterprise via ZigiOps, enriching the Splunk data set with infrastructure event context for security and operational analytics.

#### Use Case 3: SIEM-to-ITSM Automated Escalation

Security events detected and alerted by Splunk can be escalated to ITSM platforms through ZigiOps, creating structured incident records for security operations teams to triage and remediate without manual log review.

### What Integration Templates Are Available for Splunk Enterprise?

ZigiOps provides the following integration templates for Splunk Enterprise:

* AppDynamics node metrics to Splunk Enterprise events
* SolarWinds events to Splunk Enterprise events
* Splunk Enterprise alerts to OBM events
* Splunk Enterprise events to OBM events

*See the Integration Catalog for all Splunk Enterprise templates; each template is documented individually there.*

### Summary

The Splunk Enterprise integration in ZigiOps enables:

* API-based connectivity using a Splunk username/password together with an HTTP Event Collector token
* Support for Splunk Enterprise 7.x and newer (Cloud and Server)
* Integration with OBM, AppDynamics, and SolarWinds
* Alert and event forwarding in both directions
* Optional proxy configuration
* Fully customizable synchronization workflows

ZigiOps allows Splunk Enterprise to participate in enterprise-grade SIEM, ITOM, and security automation ecosystems without requiring custom development.

