Splunk Enterprise

How to integrate 3rd party SaaS platform with Splunk

Luckyani
Explorer

Hi

Looking for guidance related to integrating Splunk on-premise infrastructure with 3rd party SaaS providers. We have a SaaS provider who is exposing the data over a REST API; what's the best way to consume it from a Splunk Enterprise version? Is there an officially supported Splunk add-on or modular support that allows us to enable this via some simple configuration rather than building something on our own?

 

0 Karma
1 Solution

Luckyani
Explorer

Thanks for the reply that answers my question

0 Karma

Luckyani
Explorer

Thanks for the reply that answers my question

0 Karma

PickleRick
SplunkTrust

There are many different REST APIs. REST API specifies only how to access such an API; what it does is a completely different thing, so your question is a bit like "is there a general manual for software that I can just tweak a little". Well, no, there isn't. As @richgalloway said, there might already be a solution for your particular product, but then again there might not be. Also be wary that some third-party apps might be obsolete or of a highly sub-par quality.

An additional question, of course, is what you mean by "integration". Pulling events from an external service? Using that service as a dynamic lookup? Acting on that service as an alert action? Something else?

0 Karma

richgalloway
SplunkTrust

It's hard to know what the best way to integrate a product is without knowing what the product itself is. Check Splunkbase to see if there's an existing app/add-on to help integrate. Perhaps you can use the REST API Modular Input (https://splunkbase.splunk.com/app/1546). In the worst case, you may need to write your own modular input (it's not that difficult).

---
If this reply helps you, Karma would be appreciated.
0 Karma
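Added example (not part of the thread and not code from any Splunk app): a sketch of the script side of a custom modular input, showing the `--scheme` introspection reply, the `<input>` configuration splunkd passes on stdin, and the XML event stream written back. The input name `saas_rest`, the `url` and `token` parameters, the bearer-token header and the assumption that the API returns a JSON list are all hypothetical.

```python
"""Script side of a modular input that polls a REST endpoint (added example)."""
import json
import sys
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Reply to --scheme. "saas_rest", "url" and "token" are hypothetical names.
SCHEME = """<scheme>
  <title>saas_rest</title>
  <use_external_validation>false</use_external_validation>
  <streaming_mode>xml</streaming_mode>
  <endpoint><args>
    <arg name="url"><title>API URL</title></arg>
    <arg name="token"><title>API token</title></arg>
  </args></endpoint>
</scheme>"""

def parse_config(xml_text):
    """Return (stanza name, params) from the <input> document on stdin."""
    stanza = ET.fromstring(xml_text).find("configuration/stanza")
    return stanza.get("name"), {p.get("name"): p.text for p in stanza.findall("param")}

def fetch(url, token):
    """Default fetcher: HTTPS only; urllib verifies the certificate by default."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing non-HTTPS endpoint")
    # Assumption: the SaaS API takes a bearer token and returns a JSON list.
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def to_stream(stanza, records):
    """Wrap each record as one event in the XML streaming format."""
    events = "".join(
        "<event stanza=%s><data>%s</data></event>"
        % (quoteattr(stanza), escape(json.dumps(r, sort_keys=True)))
        for r in records)
    return "<stream>%s</stream>" % events

def run(argv, stdin_text, fetcher=fetch):
    """Dispatch on the arguments splunkd passes; never echo the token."""
    if "--scheme" in argv:
        return SCHEME
    stanza, params = parse_config(stdin_text)
    return to_stream(stanza, fetcher(params["url"], params["token"]))

if __name__ == "__main__":
    args = sys.argv[1:]
    print(run(args, "" if "--scheme" in args else sys.stdin.read()))
```

A token passed as a plain input parameter sits in clear text in `inputs.conf`; a production input would keep it in Splunk's credential store instead.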

Luckyani
Explorer

Thanks for your reply @richgalloway. That third-party app you mentioned is exactly what I'm after, but we cannot use it since it's not officially supported by Splunk, so my original question was: are there any other similar apps like that supported by Splunk officially? I guess the answer is no, and the only way to achieve the same outcome is that we develop our own modular input?

0 Karma

richgalloway
SplunkTrust

The only place you'll find Splunk-supported apps is Splunkbase. If you're unwilling to use a third-party app then your only option is to create your own.

---
If this reply helps you, Karma would be appreciated.

PickleRick
SplunkTrust

I don't think you can find such a generic app which would be Splunk supported. The good thing is you can try to take this third-party app and review its code before putting it into prod, or edit it to suit your needs (but beware of licensing! Not all apps are created equal).
