Set up a Splunk connector

Capabilities
Gather Splunk credentials
Generate an API token
Configure the Splunk connector

Are you a Splunk Cloud user? This page has instructions for integrating ConductorOne with Splunk Enterprise. If you want to integrate ConductorOne with your Splunk Cloud instance, follow the instructions in the Splunk connector’s README file.

Capabilities

Resource	Sync	Provision
Accounts
Deployments
Roles
Capabilities
Applications

Gather Splunk credentials

Configuring the connector requires you to pass in credentials generated in Splunk. Gather these credentials before you move on.

Before you begin:

Prepare a Splunk Enterprise image for the baton-splunk connector by following the Splunk Enterprise documentation to Deploy and run Splunk Enterprise inside a Docker container. Note that the Splunk Docker image only supports x86_64 CPU architecture.
Make sure that token authentication is enabled for your Splunk Enterprise instance.

Generate an API token

Splunk Enterprise authentication tokens inherit the same permission set as the user associated with the token. Make sure that the user associated with the token you create has permission to read all users, roles, deployments, capabilities, and applications for your instance. If you want to create tokens for yourself, your account must have a role that has the edit_tokens_own capability. If you want to create tokens for another user on the instance (such as a service account), your account must have a role that has the edit_tokens_all capability.

Sign into Splunk Enterprise.

Click Settings and select Tokens from the menu.

If necessary, click Enable Token Authentication.

On the Tokens page, click New Token.

Fill out the form and click Create.

The token is generated. Carefully copy and save the token value.

That’s it! Next, move on to the connector configuration instructions.

Configure the Splunk connector

To complete this task, you’ll need:

The Connector Administrator or Super Administrator role in ConductorOne
Access to the set of Splunk credentials generated by following the instructions above

Cloud-hosted
Self-hosted

Follow these instructions to use a built-in, no-code connector hosted by ConductorOne.Cloud-hosted connector not currently available.

Follow these instructions to use the Splunk connector, hosted and run in your own environment.When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with ConductorOne, automatically syncing and uploading data at regular intervals. This data is immediately available in the ConductorOne UI for access reviews and access requests.

Step 1: Set up a new Splunk connector

In ConductorOne, navigate to Connectors > Add connector.

Search for Baton and click Add.

Choose how to set up the new Splunk connector:

Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with ConductorOne)
Add the connector to a managed app (select from the list of existing managed apps)
Create a new managed app

Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.If you choose someone else, ConductorOne will notify the new connector owner by email that their help is needed to complete the setup process.

Click Next.

In the Settings area of the page, click Edit.

Click Rotate to generate a new Client ID and Secret.Carefully copy and save these credentials. We’ll use them in Step 2.

Step 2: Create Kubernetes configuration files

Create two Kubernetes manifest files for your Splunk connector deployment:

Secrets configuration

# baton-splunk-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: baton-splunk-secrets
type: Opaque
stringData:
  # ConductorOne credentials
  BATON_CLIENT_ID: <ConductorOne client ID>
  BATON_CLIENT_SECRET: <ConductorOne client secret>
  
  # Splunk credentials
  BATON_TOKEN: <Splunk API token>
  BATON_PASSWORD: <Password to the Splunk account>
  BATON_USERNAME: <Username for the Splunk account>

  # Optional: include if you want to list Application and Capability entitlements and grants
  BATON_VERBOSE: true

  # Optional: include if you want to allow insecure TLS connections to Splunk
  BATON_UNSAFE: true

See the connector’s README or run --help to see all available configuration flags and environment variables.

Deployment configuration

# baton-splunk.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: baton-splunk
  labels:
    app: baton-splunk
spec:
  selector:
    matchLabels:
      app: baton-splunk
  template:
    metadata:
      labels:
        app: baton-splunk
        baton: true
        baton-app: splunk
    spec:
      containers:
      - name: baton-splunk
        image: ghcr.io/conductorone/baton-splunk:latest
        imagePullPolicy: IfNotPresent
        env:
        - name: BATON_HOST_ID
          value: baton-splunk
        envFrom:
        - secretRef:
            name: baton-splunk-secrets

Step 3: Deploy the connector

Create a namespace in which to run ConductorOne connectors (if desired), then apply the secret config and deployment config files.

Check that the connector data uploaded correctly. In ConductorOne, click Applications. On the Managed apps tab, locate and click the name of the application you added the Splunk connector to. Splunk data should be found on the Entitlements and Accounts tabs.

That’s it! Your Splunk connector is now pulling access data into ConductorOne.

Set up a Nexus connector

Set up a VictorOps connector

⌘I

Welcome

Build connectors

Configure connectors

Deploy connectors

Upload connector data

Connector library

Capabilities

Gather Splunk credentials

Generate an API token

Configure the Splunk connector

Step 1: Set up a new Splunk connector

Step 2: Create Kubernetes configuration files

Secrets configuration

Deployment configuration

Step 3: Deploy the connector

Welcome

Build connectors

Configure connectors

Deploy connectors

Upload connector data

Connector library

​Capabilities

​Gather Splunk credentials

​Generate an API token

​Configure the Splunk connector

​Step 1: Set up a new Splunk connector

​Step 2: Create Kubernetes configuration files

​Secrets configuration

​Deployment configuration

​Step 3: Deploy the connector

Capabilities

Gather Splunk credentials

Generate an API token

Configure the Splunk connector

Step 1: Set up a new Splunk connector

Step 2: Create Kubernetes configuration files

Secrets configuration

Deployment configuration

Step 3: Deploy the connector