https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760201#M120439 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/226259">@Kat7</a>&nbsp;</P><P>May i know some more details pls:</P><P>- is it ok to install Splunk agent on the PDQ Connect<BR />(i did google and found this - "PDQ Connect is a cloud-native, agent-based tool for managing remote and local devices. IT teams use it to deploy software, remediate vulnerabilities, and gain remote access — all without a VPN. It’s especially useful for hybrid and distributed workforces")</P><P>--- if its ok to install Splunk agent, then, remaining tasks are simple and easy to do.&nbsp;</P><P>--- if its not ok to install Splunk agent, then, you already said, "<SPAN>I can manually export the PDQ logs from the web interface and upload them into Splunk"<BR />--- without installing Splunk agent, there may be other methods like HEC(http event collector), this requires some additional steps to configured<BR /><BR /><BR /></SPAN></P> Wed, 15 Apr 2026 09:58:38 GMT inventsekar 2026-04-15T09:58:38Z https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760175#M120437 <P>Hello,&nbsp;</P><P>I would like to automatically send the audit logs from PDQ Connect into our Splunk environment.&nbsp; I can manually export the PDQ logs from the web interface and upload them into Splunk, but I would like to not have to do this.</P><P>Has anyone been able to accomplish this?</P><P>Thank you</P> Tue, 14 Apr 2026 13:33:26 GMT https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760175#M120437 Kat7 2026-04-14T13:33:26Z https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760201#M120439 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/226259">@Kat7</a>&nbsp;</P><P>May i know some more details pls:</P><P>- is it ok to install Splunk agent on the PDQ Connect<BR />(i did google and found this - "PDQ Connect is a cloud-native, agent-based tool for managing remote and local devices. IT teams use it to deploy software, remediate vulnerabilities, and gain remote access — all without a VPN. It’s especially useful for hybrid and distributed workforces")</P><P>--- if its ok to install Splunk agent, then, remaining tasks are simple and easy to do.&nbsp;</P><P>--- if its not ok to install Splunk agent, then, you already said, "<SPAN>I can manually export the PDQ logs from the web interface and upload them into Splunk"<BR />--- without installing Splunk agent, there may be other methods like HEC(http event collector), this requires some additional steps to configured<BR /><BR /><BR /></SPAN></P> Wed, 15 Apr 2026 09:58:38 GMT https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760201#M120439 inventsekar 2026-04-15T09:58:38Z https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760215#M120443 <P>It is a cloud based service so there's no where for me to install an agent, unfortunately.</P><P>&nbsp;</P> Wed, 15 Apr 2026 12:41:08 GMT https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760215#M120443 Kat7 2026-04-15T12:41:08Z https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760309#M120451 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/226259">@Kat7</a>&nbsp;You could write a Python script to automate the ingestion by calling PDQ Connect's API to get the required data and send it to Splunk HEC endpoint. You may use the below references to setup the integration. You may use a cron job/task scheduler to run the script at specific intervals. Hope it helps.</P><P>Ref:&nbsp;</P><P><A href="https://connect.pdq.com/hc/en-us/articles/22929727991451-PDQ-Connect-API" target="_blank" rel="noopener">PDQ Connect API – PDQ Connect Help Center</A></P><P><A href="https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.4/get-data-with-http-event-collector/set-up-and-use-http-event-collector-in-splunk-web" target="_blank" rel="noopener">Set up and use HTTP Event Collector in Splunk Web | Splunk Enterprise (last updated 2025-07-03T23:08:11.008Z)</A></P><P><SPAN>&gt;&gt;</SPAN></P><P><SPAN>If this post addressed your question, you can:</SPAN></P><UL><LI><SPAN>Give it&nbsp;</SPAN><SPAN>karma</SPAN><SPAN>&nbsp;to show appreciation&nbsp;<span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></SPAN></LI><LI><SPAN>Mark it as the&nbsp;</SPAN><SPAN>solution</SPAN><SPAN>&nbsp;if it solved your issue&nbsp;<span class="lia-unicode-emoji" title=":heavy_check_mark:">✔️</span></SPAN></LI><LI><SPAN>Add a&nbsp;</SPAN><SPAN>comment</SPAN><SPAN>&nbsp;if you’d like more details&nbsp;<span class="lia-unicode-emoji" title=":pencil:">✏️</span></SPAN></LI></UL><P><SPAN>Acknowledging helpful answers keeps the community strong and motivates contributors to continue sharing their expertise.</SPAN></P><P><SPAN>&gt;&gt;</SPAN></P> Sun, 19 Apr 2026 18:01:15 GMT https://community.splunk.com/t5/Getting-Data-In/Send-PDQ-Connect-Audit-Logs-to-Splunk/m-p/760309#M120451 kknairr 2026-04-19T18:01:15Z