To receive GitGuardian notifications in Splunk, you need a Splunk instance on which you generate an HTTP Event Collector token (follow the instructions below).
Once you have your webhook URL and your token, enter them on the Integrations page.
This integration works with all paid Splunk plans, but does not support the free plan.
- Open the web interface of your Splunk instance, head to the “Settings” tab, then “Data inputs”.
- Click on the link to add a new HTTP Event Collector, then on the button to add a new token.
- Give a name (and optionally a description) to your Event Collector, then click the “Next” button.
- Select an existing index or create a new index, then click the “Review” button.
- Check that everything is correct, then click the “Submit” button.
- Congratulations, your token is created! Now go back to the “Settings / Data inputs” page.
- Tokens are disabled by default. Enable them by clicking the “Global Settings” button.
- If your instance URL is https://prd-p-xxxxxxxxxxxx.cloud.splunk.com/, then your webhook URL is https://input-prd-p-xxxxxxxxxxxx.cloud.splunk.com:8088/services/collector/event.
Copy your webhook URL and your token and enter them in the Splunk integration section of your dashboard.
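
To check the token and the derived webhook URL before entering them in GitGuardian, the following added example (not taken from GitGuardian's or Splunk's documentation) applies the URL rule from the last step and posts one test event to the collector. It assumes a Splunk Cloud hostname of the form shown above, `curl` installed, and the token stored in a `SPLUNK_HEC_TOKEN` environment variable; the function names and the variable name are illustrative.

```shell
#!/bin/sh
# Added example: derive the HEC webhook URL and send one test event.

# hec_url INSTANCE_URL -> prints the webhook URL, following the page's rule:
#   https://<host>/  ->  https://input-<host>:8088/services/collector/event
hec_url() {
    case "$1" in
        https://*) ;;
        *) echo "instance URL must start with https://" >&2; return 1 ;;
    esac
    _host=${1#https://}   # drop the scheme
    _host=${_host%%/*}    # drop any path or trailing slash
    _host=${_host%%:*}    # drop any port
    case "$_host" in
        input-*) echo "this is already an input host" >&2; return 1 ;;
        ?*.cloud.splunk.com) ;;
        *) echo "expected a *.cloud.splunk.com host (assumption)" >&2; return 1 ;;
    esac
    printf 'https://input-%s:8088/services/collector/event\n' "$_host"
}

# send_test_event INSTANCE_URL -> posts a constructed sample event.
# The token is read from SPLUNK_HEC_TOKEN and passed to curl on stdin,
# so it does not show up in the process list or shell history.
send_test_event() {
    _url=$(hec_url "$1") || return 1
    if [ -z "${SPLUNK_HEC_TOKEN:-}" ]; then
        echo "set SPLUNK_HEC_TOKEN first" >&2
        return 1
    fi
    printf 'header = "Authorization: Splunk %s"\n' "$SPLUNK_HEC_TOKEN" |
        curl --silent --show-error --fail --config - \
             --data '{"event": "GitGuardian HEC connectivity test (constructed sample)"}' \
             "$_url"
}

# Usage: sh hec_check.sh --send https://prd-p-xxxxxxxxxxxx.cloud.splunk.com/
if [ "${1:-}" = "--send" ] && [ -n "${2:-}" ]; then
    send_test_event "$2"
fi
```

A non-zero exit status from `send_test_event` means the collector rejected the request or could not be reached; check that the token is enabled in “Global Settings” and that the URL uses the `input-` host on port 8088.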
For business workspaces, the Splunk integration configuration is done per team. You can either create a single configuration within the All-incidents team to send all GitGuardian incidents to the same Splunk project or create separate configurations for each team to send their incidents to specific projects.