Splunk Integration
Option 1 - HTTP Event Collector (HEC)
1. Enable HEC in Splunk
In Splunk Web, go to Settings > Data Inputs > HTTP Event Collector. HEC is disabled by default, so open Global Settings and enable All Tokens first, then create a new token (the token's settings also set the default index and sourcetype for events it receives). Note the token value and the HEC endpoint, typically https://<splunk-host>:8088/services/collector/event (8088 is the default HEC port; adjust if you changed it).
2. Configure in Trapster (Enterprise)
- Go to Settings > Integrations > Webhooks
- Click Add webhook
- Select type Splunk
- Enter your HEC URL and token
- Choose Incidents or Events as the trigger action
- Save
Use Send test event to verify delivery, then confirm the event appears in Splunk by searching the index assigned to the token.
3. Configure in Trapster (Community)
Use the API logger:
```json
"logger": {
  "output": "api",
  "format": "default",
  "kwargs": {
    "url": "https://your-splunk:8088/services/collector/event",
    "headers": {
      "Authorization": "Splunk <your-hec-token>"
    }
  }
}
```
Option 2 - Syslog
Forward CEF syslog to a Splunk Universal Forwarder or syslog input. See Syslog for Trapster-side configuration.
Splunk query examples
After events arrive:
```
index=main sourcetype=_json source=trapster
| stats count by channel, src_ip
| sort -count
```
Field names match the Trapster incident/event payload sent by the webhook. The index, sourcetype and source values must match what your HEC token assigns (or what the logger sets in the request), so adjust the first line if you changed the token defaults.
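The following is an added example, not Trapster's or Splunk's own code. It builds a HEC request in the shape the Community logger above produces (token in an `Authorization: Splunk <token>` header, payload under the JSON `event` key), can optionally POST it, and reproduces the `stats count by channel, src_ip | sort -count` aggregation offline over constructed sample events. The host name, token and the `timestamp` field in the sample events are assumptions; only `channel` and `src_ip` come from the query on this page.

```python
"""Build/send a Splunk HEC event and mirror the SPL aggregation offline.

Added example; not part of Trapster or Splunk. Hostnames, the token and
the 'timestamp' field are assumptions for illustration.
"""
import json
import time
import urllib.request
from collections import Counter

# Assumed values: replace with your real HEC endpoint and token.
HEC_URL = "https://splunk.example:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"


def build_hec_request(url, token, event, sourcetype="_json", source="trapster"):
    """Return (url, headers, body_dict) for one HEC POST.

    HEC expects the token in an 'Authorization: Splunk <token>' header and a
    JSON body whose 'event' member carries the payload. 'time' (epoch seconds),
    'sourcetype' and 'source' are optional metadata keys that override the
    token's defaults; we set them so the SPL query on this page matches.
    """
    body = {
        # Assumption: the payload may carry an epoch 'timestamp'; fall back to now.
        "time": event.get("timestamp", time.time()),
        "sourcetype": sourcetype,
        "source": source,
        "event": event,
    }
    headers = {
        "Authorization": f"Splunk {token}",
        "Content-Type": "application/json",
    }
    return url, headers, body


def send_hec_event(url, token, event, timeout=5):
    """POST one event; returns the parsed HEC response, e.g. {'text': 'Success', 'code': 0}.

    urlopen verifies TLS. A self-signed HEC certificate must be trusted by the
    client (or replaced with a CA-signed one); do not disable verification.
    """
    url, headers, body = build_hec_request(url, token, event)
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())


def stats_count_by(events, fields=("channel", "src_ip")):
    """Offline equivalent of '| stats count by channel, src_ip | sort -count'.

    Returns [((channel, src_ip), count), ...] sorted by count descending,
    ties broken by the field values so the order is deterministic.
    """
    counts = Counter(tuple(e.get(f) for f in fields) for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample events (not real Trapster output).
SAMPLE_EVENTS = [
    {"channel": "ssh", "src_ip": "203.0.113.5", "timestamp": 1700000000},
    {"channel": "ssh", "src_ip": "203.0.113.5", "timestamp": 1700000010},
    {"channel": "ssh", "src_ip": "198.51.100.7", "timestamp": 1700000020},
    {"channel": "http", "src_ip": "203.0.113.5", "timestamp": 1700000030},
    {"channel": "ssh", "src_ip": "203.0.113.5", "timestamp": 1700000040},
]

if __name__ == "__main__":
    _, headers, body = build_hec_request(HEC_URL, HEC_TOKEN, SAMPLE_EVENTS[0])
    print("headers:", headers)
    print("body:", json.dumps(body))
    for (channel, src_ip), count in stats_count_by(SAMPLE_EVENTS):
        print(f"{channel:6} {src_ip:15} {count}")
    # To actually deliver: send_hec_event(HEC_URL, HEC_TOKEN, SAMPLE_EVENTS[0])
```

Running the script prints the request that the API logger would send and the same per-channel, per-source counts the SPL query would return once the events are indexed, which makes it a quick way to confirm that your Trapster payload actually carries the `channel` and `src_ip` fields the query depends on.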
