Send PDQ Connect Audit Logs to Splunk

Kat7
Explorer

Hello, 

I would like to automatically send the audit logs from PDQ Connect into our Splunk environment. I can manually export the PDQ logs from the web interface and upload them into Splunk, but I would like to not have to do this.

Has anyone been able to accomplish this?

Thank you

0 Karma

kknairr
Contributor

@Kat7 You could write a Python script to automate the ingestion by calling PDQ Connect's API to get the required data and sending it to the Splunk HEC endpoint. You may use the references below to set up the integration. You may use a cron job/task scheduler to run the script at specific intervals. Hope it helps.

Ref: 

PDQ Connect API – PDQ Connect Help Center

Set up and use HTTP Event Collector in Splunk Web | Splunk Enterprise (last updated 2025-07-03T23:08...

0 Karma
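
A sketch of the Splunk side of the script suggested above, as an added example that is not part of the reply and is not PDQ or Splunk code. It batches audit records into HTTP Event Collector payloads and advances a checkpoint only after HEC accepts them. Assumptions: the record field names, the `pdq:connect:audit` sourcetype, the `main` index, the state file name and the two environment variables are all hypothetical, and retrieving the records from PDQ Connect is left to the caller because the page gives no endpoint for it. `SPLUNK_HEC_URL` is expected to point at the collector's `/services/collector/event` path.

```python
import json
import os
import urllib.request
from datetime import datetime

# Constructed sample records; the field names are assumptions, not PDQ Connect's schema.
SAMPLE_RECORDS = [
    {"timestamp": "2025-07-01T09:00:00Z", "actor": "admin@example.com", "action": "user.login"},
    {"timestamp": "2025-07-01T10:05:00Z", "actor": "admin@example.com", "action": "package.deployed"},
    {"timestamp": "2025-07-01T10:00:00Z", "actor": "ops@example.com", "action": "device.removed"},
]

def epoch(ts):
    """Parse an ISO 8601 UTC timestamp such as 2025-07-01T09:00:00Z to epoch seconds."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp()

def build_batch(records, checkpoint, sourcetype="pdq:connect:audit", index="main"):
    """Return (body, new_checkpoint) for records newer than the checkpoint (epoch seconds)."""
    fresh = sorted((r for r in records if epoch(r["timestamp"]) > checkpoint),
                   key=lambda r: epoch(r["timestamp"]))
    events = [{"time": epoch(r["timestamp"]), "source": "pdq_connect",
               "sourcetype": sourcetype, "index": index, "event": r} for r in fresh]
    # HEC accepts several event objects in one request body.
    body = "\n".join(json.dumps(e) for e in events)
    return body, (events[-1]["time"] if events else checkpoint)

def send_to_hec(body, url, token):
    """POST a batch to the HEC event endpoint; urllib verifies the TLS certificate by default."""
    req = urllib.request.Request(url, data=body.encode("utf-8"), method="POST",
                                 headers={"Authorization": f"Splunk {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def run_once(records, state_file, url, token):
    """Forward new records, then persist the checkpoint only after HEC accepted the batch."""
    checkpoint = 0.0
    if os.path.exists(state_file):
        with open(state_file) as fh:
            checkpoint = float(fh.read().strip() or 0)
    body, new_checkpoint = build_batch(records, checkpoint)
    if body:
        send_to_hec(body, url, token)  # raises on HTTP or TLS errors, so the checkpoint stays put
        with open(state_file, "w") as fh:
            fh.write(str(new_checkpoint))
    return new_checkpoint

if __name__ == "__main__":
    # Token and URL come from the environment, never from the script itself.
    run_once(SAMPLE_RECORDS, "pdq_hec.checkpoint",
             os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"])
```

Records whose timestamp equals the stored checkpoint are skipped, so a scheduled run that overlaps the previous export window does not index the same audit event twice.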

inventsekar
SplunkTrust

Hi @Kat7 

May I know some more details, please:

- Is it OK to install a Splunk agent on PDQ Connect?
(I did Google it and found this: "PDQ Connect is a cloud-native, agent-based tool for managing remote and local devices. IT teams use it to deploy software, remediate vulnerabilities, and gain remote access — all without a VPN. It’s especially useful for hybrid and distributed workforces")

--- If it's OK to install a Splunk agent, then the remaining tasks are simple and easy to do.

--- If it's not OK to install a Splunk agent, then, as you already said, "I can manually export the PDQ logs from the web interface and upload them into Splunk"
--- Without installing a Splunk agent, there may be other methods like HEC (HTTP Event Collector); this requires some additional steps to be configured.


0 Karma

Kat7
Explorer

It is a cloud-based service, so there's nowhere for me to install an agent, unfortunately.

0 Karma