Splunk Enterprise

3rd party SaaS applications with Splunk.

av_
Path Finder

What are the various methods to integrate 3rd party SaaS applications with Splunk?

0 Karma
1 Solution

apietsch
Splunk Employee

That helps. 

You can surely look on https://splunkbase.splunk.com if there is an add-on for your SaaS application. Usually you get the technical mechanisms in an add-on and the visual knowledge objects like dashboards in an app. But sometimes it's a combination. Please refer to the documentation of the app/add-on to see what it is capable of.

If there is one, you would see that you get that into your Splunk environment, either Splunk Cloud or Splunk Enterprise. The add-on should be vetted for your instance and version. After that you follow the instructions of the app/add-on to onboard the data.

If there is nothing available in Splunkbase you would start from scratch. For that the Add-on Builder is a good start. You would create the mechanism to get the data from the SaaS REST API, extract the fields and create dashboards after that. That's the usual process.

---------------------
Chaos Smoother | Data Wrangler


0 Karma

ITWhisperer
SplunkTrust

You probably need to ask your SaaS provider what their observability provision options are, because they would probably need to install something on their systems, or give you access to their filesystems (which seems unlikely for a SaaS provision)!

0 Karma

apietsch
Splunk Employee

Wow... what a broad question. 🙂 

What do you mean by integrate? Which direction?

Generally you can call REST endpoints and consume whatever comes out; you can also send data there. If you get data pushed, you would have to set up a point (machine) where you can receive the data, process it and forward it to Splunk, or use a HEC (HTTP Event Collector) endpoint of a Splunk instance. If the SaaS produces machine-readable files, you would be able to consume those as well. So you see that there are various ways.

---------------------
Chaos Smoother | Data Wrangler
0 Karma
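The pull-from-REST, forward-to-HEC path described in the reply above, as an added example that is not part of any post in this thread. The SaaS event fields, the `saas:audit` sourcetype, the `saas_api` source and the host name are assumptions; the `/services/collector/event` path and the `Authorization: Splunk <token>` header are Splunk's HEC interface.

```python
import json
import os
import urllib.request

# Constructed sample: one poll result from a hypothetical SaaS audit-log REST API.
SAMPLE_EVENTS = [
    {"id": "a1", "ts": 1733900000.0, "actor": "alice@example.com", "action": "login"},
    {"id": "a2", "ts": 1733900060.0, "actor": "bob@example.com", "action": "role.change"},
    {"id": "a3", "ts": 1733900060.0, "actor": "bob@example.com", "action": "token.create"},
]

def to_hec_batch(events, checkpoint, sourcetype="saas:audit", index="main"):
    """Return (payload_bytes, new_checkpoint) holding only events not yet sent.

    checkpoint is {"ts": float, "ids": [...]}: the newest timestamp already sent
    and the ids seen at exactly that timestamp, so overlapping polls do not
    duplicate events and events sharing a timestamp are not dropped.
    """
    ts0, seen = checkpoint["ts"], set(checkpoint["ids"])
    lines, new_ts, new_ids = [], ts0, set(seen)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ts"] < ts0 or (ev["ts"] == ts0 and ev["id"] in seen):
            continue  # already forwarded by an earlier poll
        if ev["ts"] > new_ts:
            new_ts, new_ids = ev["ts"], set()
        new_ids.add(ev["id"])
        # HEC envelope: metadata keys plus the raw record under "event".
        lines.append(json.dumps({"time": ev["ts"], "source": "saas_api",
                                 "sourcetype": sourcetype, "index": index, "event": ev}))
    return "\n".join(lines).encode("utf-8"), {"ts": new_ts, "ids": sorted(new_ids)}

def build_hec_request(payload, hec_url, token):
    """Build the POST for the HEC event endpoint without sending it."""
    if not hec_url.lower().startswith("https://"):
        raise ValueError("HEC URL must use https so the token is not sent in clear text")
    return urllib.request.Request(
        hec_url.rstrip("/") + "/services/collector/event", data=payload, method="POST",
        headers={"Authorization": "Splunk " + token, "Content-Type": "application/json"})

if __name__ == "__main__":
    body, cp = to_hec_batch(SAMPLE_EVENTS, {"ts": 0.0, "ids": []})
    # Token comes from the environment, never from the script; the host is a placeholder.
    req = build_hec_request(body, "https://splunk.example.com:8088",
                            os.environ.get("SPLUNK_HEC_TOKEN", "placeholder-token"))
    print(req.full_url, len(body.splitlines()), "events; next checkpoint:", cp)
    # urllib.request.urlopen(req, timeout=10) would send it; certificate checks stay on by default.
```

Persist the returned checkpoint only after HEC acknowledges the batch, so a failed send is retried on the next poll.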

av_
Path Finder

@apietsch I want to onboard a SaaS application's data to Splunk. What is the process?
I think the first step would be to integrate the SaaS application add-on with Splunk. That's the integration I'm talking about.

0 Karma

apietsch
Splunk Employee

If you want to monitor your SaaS application from the outside, there are also mechanisms in the observability components (like Real User Monitoring, Synthetic Monitoring, ...) available. 

---------------------
Chaos Smoother | Data Wrangler
0 Karma
