Getting Data In

Pulling Confluence Audit logs into Splunk


We are currently running the "Server" version of Confluence in our environment. This version doesn't actually store audit logs locally to a directory. Instead, the logs are only visible through the UI and can be exported from there with a max of 100k results. In that case, how would one be able to get these audit logs sent to Splunk in a programmatic manner rather than manually downloading the logs and uploading to Splunk on a periodic basis.

Here is a page which talks about Confluence audit logging and how it is lacking in capability for the "Server" version. The "Data Center" version, which we don't have, logs locally and can easily be sent over to Splunk via UF.

0 Karma



Have you tried using confluence REST API? You can try splunk modular input to call confluence rest api to import the audit data.

Below are some  documentation references for both confluence & splunk that will give some direction

Hope this helps.

0 Karma

That page says integration with 3rd-party monitoring tools is not supported by the server version of the tool. IMO, the only solution to your problem is to buy the DC version.
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...