What are the various methods to integrate 3rd party SaaS applications with Splunk.
That helps.
You can surely look on https://splunkbase.splunk.com if there is an add-on for your SaaS application. Usually you get the technical mechanisms in an add-on and the visual knowledge objects like dashboards in an app. But sometimes it's a combination. Please refer to the documentation of the app/add-on to see what it is capable of.
If there is one, you would see that you get that into your Splunk environment. Either Splunk cloud or Splunk Enterprise. The add-on should be vetted for your instance and version. After that you follow the instructions of the app/add-on to onboard the data.
If there is nothing available in splunkbase you would start from scratch. For that the add-on builder is a good start. You would create the mechanism to get the data from the SaaS REST API, extract the fields and create dashboards after that. That's the usual process.
You probably need to ask your SaaS provider what their observability provision options are, because they would probably need to install something on their systems, or give you access to their filesystems (which seems unlikely for a SaaS provision)!
Wow... what a broad question. 🙂
What do you mean by integrate? Which direction?
Generally you can call REST endpoints and consume whatever comes out, you can also send data there. If you get data pushed you would have to set up a point (machine) where you can receive the data, process it and forward it to Splunk or use a HEC (HTTP Event Collector) endpoint of a Splunk instance. If the SaaS produces machine readable files, you would be able to consume those as well. So you see that there are various ways.
@apietsch I want to onboard a SaaS application data to Splunk. What is the process?
I think first would be to integrate the SaaS application add on with Splunk. That's the integration I'm talking about.
If you want to monitor your SaaS application from the outside, there are also mechanisms in the observability components (like Real User Monitoring, Synthetic Monitoring, ...) available.
That helps.
You can surely look on https://splunkbase.splunk.com if there is an add-on for your SaaS application. Usually you get the technical mechanisms in an add-on and the visual knowledge objects like dashboards in an app. But sometimes it's a combination. Please refer to the documentation of the app/add-on to see what it is capable of.
If there is one, you would see that you get that into your Splunk environment. Either Splunk cloud or Splunk Enterprise. The add-on should be vetted for your instance and version. After that you follow the instructions of the app/add-on to onboard the data.
If there is nothing available in splunkbase you would start from scratch. For that the add-on builder is a good start. You would create the mechanism to get the data from the SaaS REST API, extract the fields and create dashboards after that. That's the usual process.