Configuration

To enable the integration between Splunk Enterprise and Secret Server, you must configure Splunk Enterprise.

Configuring Splunk Enterprise

  1. Go to Splunk enterprise > Settings > Add Data > Monitor.

  2. On the Select Source page, select TCP/UDP.

  3. Select UDP and enter the port configured in Secret Server (for example, TCP 6514).

    alt

  4. On the Input Settings page, select Next and select syslog as the source type.

    alt

  5. In the Index list, select Default.

  6. Select Review.

  7. On the Review page, review the information and select Submit.

    The message “TCP input has been created successfully” appears.

    alt

  8. Select Start Searching.

  9. On the New Search page, in the New Search box, enter the query and select the Search icon.

    alt