Splunk Source Node
Quick Reference
| Name | Description |
|---|---|
| Use Credentials | Credentials used to authenticate with your Splunk storage. |
| Splunk URL | The URL of your Splunk Management endpoint ex: https://splunk.example.com:8089 |
| Search Query | Query to define data to retrieve, in SPL (Search Processing Language) ex: search index=main sourcetype=access_log |
| Earliest time | Specify the earliest time for your search query to create a range. |
| Latest time | Specify the latest time for your search query to create a range. |
💡 Tip: The SPL query usually begins with the search command. The connector submits this query exactly as written to the Splunk API.
Overview
The Splunk Source connector allows you to ingest data directly from Splunk Enterprise or Splunk Cloud Platform into your workflow. It functions by submitting a search job to the Splunk API and retrieving the results as a batch of records.
This source is designed for batch ingestion. When the workflow runs, the connector connects to the Splunk management port, executes a specific Search Processing Language (SPL) query, waits for the job to complete, and ingests the resulting events.
Prerequisites
Before configuring the source, ensure you have:
- Network Access: Your workflow execution environment must be able to reach the Splunk Management port (typically port 8089).
- Credentials: A valid Splunk username and password with permissions to execute search jobs.
Configuration
Use Credentials
Select an existing Username/Password credential from the dropdown menu or create a new one.
- Type: The connector requires standard Username and Password authentication.
- Permissions: Ensure the user associated with these credentials has the search capability in Splunk.
Splunk URL
Enter the full URL of your Splunk Management endpoint.
- Format: scheme://host:port
- Example: https://splunk.example.com:8089
- Important: You must include the protocol (http or https) and the port number. This is usually the management port (default 8089), not the web interface port (default 8000).
Search Query
Enter the SPL (Search Processing Language) query to define the data you want to retrieve.
- Example: search index=main sourcetype=access_log | head 100
- Note: The query usually begins with the search command. The connector submits this query exactly as written to the Splunk API.
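The job lifecycle described in the Overview (submit the SPL query as a search job on the management port, poll until it is done, pull the results as one batch) and the URL checks from the Splunk URL section, written out as an added Python example; this is not the connector's own code. It assumes the standard Splunk REST endpoints under /services/search/jobs, takes an injected http(method, url, body) transport so a constructed FakeSplunk stand-in can drive it offline, and leaves authentication to that transport.

```python
import json
import time
from urllib.parse import urlencode, urlparse

def validate_splunk_url(url):
    """Normalise the management endpoint URL, rejecting the mistakes the docs warn about."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        raise ValueError("URL must start with http:// or https://")
    if not p.hostname or p.port is None:
        raise ValueError("URL must be scheme://host:port, e.g. https://splunk.example.com:8089")
    if p.port == 8000:
        raise ValueError("port 8000 is the Splunk web UI; use the management port (default 8089)")
    return f"{p.scheme}://{p.hostname}:{p.port}"

def run_search(splunk_url, http, query, earliest="-24h", latest="now", poll_seconds=1.0):
    """Submit the SPL query as a search job, wait until DONE, return the results as one batch.
    http(method, url, body) is an injected transport (assumed) returning (status, text)."""
    base = validate_splunk_url(splunk_url)
    form = urlencode({"search": query, "earliest_time": earliest, "latest_time": latest, "output_mode": "json"})
    status, text = http("POST", f"{base}/services/search/jobs", form)
    if status != 201:
        raise RuntimeError(f"job creation failed: HTTP {status}")
    sid = json.loads(text)["sid"]
    while True:  # poll the job until Splunk reports it finished
        _, text = http("GET", f"{base}/services/search/jobs/{sid}?output_mode=json", None)
        state = json.loads(text)["entry"][0]["content"]["dispatchState"]
        if state == "DONE":
            break
        if state == "FAILED":
            raise RuntimeError(f"search job {sid} failed")
        time.sleep(poll_seconds)
    _, text = http("GET", f"{base}/services/search/jobs/{sid}/results?output_mode=json&count=0", None)
    return json.loads(text)["results"]

class FakeSplunk:
    """Constructed stand-in for the Splunk REST API so the flow runs offline; not a real server."""
    def __init__(self):
        self.states = ["QUEUED", "RUNNING", "DONE"]  # one state per status poll
        self.polls = 0
    def __call__(self, method, url, body):
        if method == "POST":
            return 201, json.dumps({"sid": "1700000000.42"})  # constructed job id
        if "/results?" in url:
            events = [{"_time": "2024-01-01T00:00:00", "clientip": "10.0.0.5", "status": "200"},
                      {"_time": "2024-01-01T00:00:01", "clientip": "10.0.0.9", "status": "404"}]
            return 200, json.dumps({"results": events})  # constructed access_log events
        self.polls += 1
        state = self.states[min(self.polls, len(self.states)) - 1]
        return 200, json.dumps({"entry": [{"content": {"dispatchState": state}}]})
```

Against a real instance, replace FakeSplunk with a transport that sends the Username/Password credential and keeps TLS verification enabled.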