Integrating Splunk Cloud
Splunk Cloud is a cloud-based security orchestration, automation, and response system. It integrates security infrastructure orchestration, playbook automation, and case management capabilities.
You can integrate Splunk Cloud with the Delinea Platform by using webhooks.
Prerequisites
Ensure you have all the required accounts and utilities before starting the integration:
-
Admin account with federation privileges on the Delinea Platform
-
Admin account in Splunk Cloud
Configuring Splunk Cloud
To use the Splunk Cloud for integration, you must create an HTTP Event Collector, which allows you to send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols. For more details, see Splunk official documentation.
Creating an HTTP Event Collector in Splunk Cloud
To create an HTTP Event Collector:
-
Log in to Splunk Cloud as an Administrator.
-
Select the Settings tab then select Add Data.
-
Select Monitor.
-
In the dialog, select HTTP Event Collector.
-
Fill in the form for the new HTTP Event Collector.
-
Click Next > Preview.
-
Verify the details for the newly created HTTP Event Collector and select Submit.
-
Go back to Settings and select Data inputs.
-
Choose your HTTP Event Collector and copy its token value.
Configuring Webhooks on the Delinea Platform
This section explains how to configure webhooks to work with Splunk Cloud. For more details about the concepts and general procedures in this section, see Webhooks Management.
Creating a Webhook
To create a webhook:
-
Log on to the Delinea Platform.
-
From the left navigation menu, select Settings > Webhooks.
-
In the Create Webhook dialog, complete the following fields:
-
Name: Enter a unique name for the webhook to help identify it in your system.
-
Endpoint URL: The HTTP Event Collector (HEC) URL of your Splunk Cloud instance, in the form
https://http-inputs-<customer_stack>.splunkcloud.com/services/collector/raw.Do not include
:443in the Endpoint URL for Splunk Cloud. Splunk Cloud uses port 443 by default for HEC traffic, and including it explicitly in the URL can cause Delinea Platform webhook creation to fail.The
http-inputs-hostname prefix is required. Per Splunk's HEC documentation for Splunk Cloud, data sent to a Splunk Cloud hostname without thehttp-inputs-prefix cannot reach HEC, even if the rest of the URL is correct. -
Description: Enter a brief description of the webhook to provide context about its specific function.
-
Webhook State: Use the checkbox to enable or disable the webhook, where checking it makes the webhook active and unchecking it disables notifications.
-
Triggers: Choose Service, Level, and Event Type for your webhook subscription to receive notifications and add the Target to triggers.
-
Key: Authorization
-
Value: Splunk {insert HEC token here}
Do not enable Indexer acknowledgement on the HEC token used for the Delinea Platform webhook integration. Splunk requires an
X-Splunk-Request-Channelheader on every request to/services/collector/rawwhen indexer acknowledgement is enabled, and the Delinea Platform does not send this header. If indexer acknowledgement is required in your environment, contact Delinea support. -
-
Provide other required details, then click Save.
Testing Webhooks on the Delinea Platform
You can test your webhook to verify that the destination URL is correct and the connection is successful.
To test a webhook:
-
From the left navigation menu, select Settings > Webhooks.
-
Open the webhook and select Action > Test Webhook.
Verifying Splunk Cloud Integration with the Delinea Platform
To confirm that the first connection between the services is successful, you can generate log files and check the integration of the Splunk Cloud and Delinea Platform.
Verifying Integration in Splunk Cloud
To verify Delinea Platform integration with Splunk Cloud:
-
Log in to the Splunk Cloud as an Administrator.
-
In the Search field, enter a query as
index=*. -
Select the search icon to verify logs from the platform.
You should see the latest log files.
Verifying Integration on the Delinea Platform
Based on a webhook test result, you can check the log files. For more details, see Webhooks Logs.




