Integration with Splunk

Integrating Splunk with an AI platform enables advanced analytics, real-time insights, and predictive capabilities on machine data. Splunk excels at collecting, indexing, and analyzing large volumes of machine-generated data from various sources. At the same time, AI platforms can leverage this data to perform deeper analysis, predictive modeling, and automation.

This section covers:

Use Cases

  • Application flow monitoring using time-series data.

  • Real-time insights using application flow data.

  • Anomaly detection in security events.

  • Predictive maintenance using time-series data.

  • Automated response to network or system failures.

Port Table

| Service          | Component                  | Port Mapping        | Description                            |
|------------------|----------------------------|---------------------|----------------------------------------|
| Splunk           | Web Interface              | 8090:8000           | Splunk Web Interface for user access   |
| Splunk           | Management Port            | 8092:8089           | Splunk Management Port for API access  |
| Splunk           | HTTP Event Collector (HEC) | 8091:8088           | Splunk HEC for receiving event data    |
| Splunk Collector | Splunk Management API      | https://splunk:8089 | Splunk management API endpoint         |
| Splunk Collector | Splunk Index               | N/A                 | Default Splunk index (main)            |

Deployment

The Splunk Collector is part of the NCP package and can be invoked from the CLI to create the integration:

  • Navigate to ingestion -> splunk inside the NCP directory

  • Run the installer: ./install.sh

  • Provide the installer with the information below:

    • Enter Splunk credentials

    • Enter Splunk index

    • Enter Splunk source and source type (if customer-configured)
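A post-install check for the ports in the table above, as an added example that is not part of the NCP package: it probes each mapped port and flags the management port if it answers without TLS, since the table gives its endpoint as an https URL. It assumes the mappings are host:container pairs (the left number is the port published on the host) and that it runs from a machine allowed to reach that host; the function names are hypothetical.

```python
import socket
import ssl
import sys

# host:container mappings copied from the port table on this page
PORT_TABLE = {"Web Interface": "8090:8000", "Management Port": "8092:8089",
              "HTTP Event Collector (HEC)": "8091:8088"}

def parse_mapping(mapping):
    """Split 'host:container' into two validated port numbers."""
    host_port, sep, container_port = mapping.partition(":")
    ports = (int(host_port), int(container_port)) if sep else ()
    if not ports or not all(1 <= p <= 65535 for p in ports):
        raise ValueError(f"bad host:container mapping: {mapping!r}")
    return ports

def probe(host, port, timeout=2.0):
    """Return 'closed', 'open' (TCP only), 'tls-untrusted' or 'tls-trusted'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        try:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return "tls-trusted"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"  # TLS answered, certificate did not verify
        except OSError:
            return "open"           # TCP accepted, no TLS handshake completed

def preflight(host, probe_fn=probe):
    """Probe the host side of each mapping: {component: (host_port, state)}."""
    ports = {name: parse_mapping(m)[0] for name, m in PORT_TABLE.items()}
    return {name: (port, probe_fn(host, port)) for name, port in ports.items()}

def findings(results, require_tls=("Management Port",)):
    """Closed ports, plus plain TCP where the page gives an https URL."""
    issues = []
    for name, (port, state) in results.items():
        if state == "closed":
            issues.append(f"{name}: host port {port} is not reachable")
        elif name in require_tls and state == "open":
            issues.append(f"{name}: host port {port} answered without TLS")
    return issues

if __name__ == "__main__":
    results = preflight(sys.argv[1] if len(sys.argv) > 1 else "localhost")
    print(*(f"{n}: {p} {s}" for n, (p, s) in results.items()), sep="\n")
    sys.exit("\n".join(findings(results)) or 0)
```

A `tls-untrusted` result on the management port means the certificate did not verify against the system trust store, so any client using the management credentials over that port has no assurance of which server it is talking to.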

Uninstall Splunk Integration

To uninstall the Splunk integration, run the script below from the NCP package:

  • Navigate to ingestion -> splunk inside the NCP directory

  • Run the uninstaller: ./uninstall.sh
