Splunk

To receive GitGuardian notifications on Splunk, you need a Splunk instance and must generate an HTTP Event Collector (HEC) token. Follow the instructions below to set it up.

Once you have your webhook URL and token, enter them on the Integrations page.

caution

This integration works with all paid Splunk plans but is not supported on the free plan.

How to integrate

  1. Open the Splunk web interface and navigate to Settings > Data inputs.

  2. Add a new HTTP Event Collector and click the button to create a new token.

  3. Provide a name (and optionally a description) for your Event Collector, then click Next.

  4. Select an existing index or create a new one, then click Review.

  5. Verify the settings and click Submit to create your token.

  6. Go back to Settings > Data inputs. Tokens are disabled by default, so click Global Settings to enable them.

  7. If your instance URL is https://prd-p-xxxxxxxxxxxx.cloud.splunk.com/, your webhook URL will be: https://input-prd-p-xxxxxxxxxxxx.cloud.splunk.com:8088/services/collector/event.

  8. Enter your webhook URL and token into the Splunk integration section of your dashboard settings.

  9. Team Configurations: For business workspaces, you can configure the Splunk integration per team:

    • Create a single configuration under the All-incidents team to send all GitGuardian incidents to the same Splunk project.
    • Alternatively, create separate configurations for each team to send incidents to specific projects.
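
Before entering the values from steps 7 and 8, you can check them from a shell. The script below is an added example, not part of the GitGuardian or Splunk documentation: it derives the webhook URL from the instance URL using the mapping in step 7 and posts one test event to the collector. The function names and the `SPLUNK_HEC_TOKEN` environment variable are assumptions made for this example; the `Authorization: Splunk <token>` header is Splunk's standard HEC authentication scheme.

```shell
#!/usr/bin/env bash
# Added example: derive the HEC webhook URL (step 7) and send a test event
# to confirm the token was enabled in Global Settings (step 6).

# hec_url_from_instance <instance-url>
# Applies the step 7 mapping: "input-" host prefix, port 8088,
# path /services/collector/event. Refuses anything that is not HTTPS.
hec_url_from_instance() {
  local url="$1" host
  case "$url" in
    https://*) ;;
    *) echo "error: instance URL must start with https://" >&2; return 1 ;;
  esac
  host="${url#https://}"   # drop the scheme
  host="${host%%/*}"       # drop any path
  host="${host%%:*}"       # drop any port
  [ -n "$host" ] || { echo "error: empty host in URL" >&2; return 1; }
  case "$host" in
    input-*) ;;            # convenience (not from the page): already an input host
    *) host="input-$host" ;;
  esac
  printf 'https://%s:8088/services/collector/event\n' "$host"
}

# hec_send_test <webhook-url>
# Token is read from SPLUNK_HEC_TOKEN (hypothetical variable name) and passed
# to curl on stdin (-H @-, curl >= 7.55) so it never appears in the process list.
hec_send_test() {
  local url="$1"
  if [ -z "${SPLUNK_HEC_TOKEN:-}" ]; then
    echo "error: SPLUNK_HEC_TOKEN is not set" >&2
    return 1
  fi
  # Constructed sample event; a working token answers {"text":"Success","code":0}.
  printf 'Authorization: Splunk %s\n' "$SPLUNK_HEC_TOKEN" |
    curl --silent --show-error --max-time 10 -H @- \
      -d '{"event": "GitGuardian integration test (constructed sample)"}' \
      -w '\nHTTP %{http_code}\n' "$url"
}

# Usage: SPLUNK_HEC_TOKEN=... ./hec_check.sh https://prd-p-xxxxxxxxxxxx.cloud.splunk.com/
if [ "$#" -ge 1 ]; then
  webhook_url="$(hec_url_from_instance "$1")" || exit 1
  echo "Webhook URL: $webhook_url"
  hec_send_test "$webhook_url"
fi
```

An HTTP 403 response from the test event usually means the token is wrong or still disabled; revisit step 6 before saving the integration.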