
Splunk Plugin

Karthik Kumar Viswanathan edited this page Aug 20, 2021 · 5 revisions

Overall Flow

Input Configuration

How Plugin Works

How the Plugin is Installed

  1. The admin downloads the Chainkit add-on from Splunkbase.
  2. Alternatively, the admin downloads the zip file from the secure Chainkit subdomain and installs the add-on manually.
  3. The admin configures the plugin in the Splunk UI and enters their Chainkit account information.
  4. The admin points the plugin at the index whose events it should listen for.
  5. The plugin is now ready to harden user data into the destination index.

How the Plugin is Used in TCP Mode

  1. The plugin is configured to listen on TCP port 1234 instead of consuming messages from an index or search query.
  2. The user sends logs over TCP to Splunk-Host:1234.
  3. The plugin receives each log message, hardens it, sends the hardening record to Chainkit, and the hardened log message then appears in Splunk.

Note that this is a plain TCP listener: anything that can reach port 1234 can submit log lines to be hardened, so restrict the port to trusted senders at the network level.
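The TCP-mode flow above, as an added example that is not the Chainkit add-on's own code. What "hardening" means internally is not described on this page, so it is modelled here as an assumption: each received line's SHA-256 is chained to the previous line's digest, the Chainkit API call is replaced by a stub, and the receiver listens on an ephemeral port (the real plugin uses 1234). The sample log lines are constructed for the demo. The `verify_chain` function shows what the chain buys you: an edited, dropped or reordered line is detected.

```python
"""Added example (not the Chainkit add-on's code): a TCP log receiver that
models the TCP-mode flow. Hardening = chained SHA-256 (assumption);
the Chainkit call is a stub."""
import hashlib
import json
import socket
import socketserver
import threading
from typing import Dict, List

GENESIS = "0" * 64  # chain anchor for the first record (assumption)


def harden_line(line: str, prev_hash: str) -> Dict[str, str]:
    """Hardening as assumed here: bind the raw line to its predecessor's digest."""
    digest = hashlib.sha256((prev_hash + "\n" + line).encode("utf-8")).hexdigest()
    return {"raw": line, "prev": prev_hash, "sha256": digest}


def register_with_chainkit(record: Dict[str, str]) -> Dict[str, str]:
    """Hypothetical stand-in for the real Chainkit API call; it only echoes the digest."""
    return {"registered_digest": record["sha256"]}


def to_splunk_event(record: Dict[str, str]) -> str:
    """The hardened event as it would be written to the destination index: one JSON line."""
    return json.dumps(record, sort_keys=True)


def verify_chain(records: List[Dict[str, str]]) -> bool:
    """Recompute every digest; any edited, dropped or reordered line breaks the chain."""
    expected_prev = GENESIS
    for rec in records:
        if rec["prev"] != expected_prev:
            return False
        if harden_line(rec["raw"], rec["prev"])["sha256"] != rec["sha256"]:
            return False
        expected_prev = rec["sha256"]
    return True


class HardeningHandler(socketserver.StreamRequestHandler):
    def handle(self) -> None:
        for raw in self.rfile:  # one log message per line
            line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
            if not line:
                continue
            with self.server.lock:  # several senders share one chain
                record = harden_line(line, self.server.last_hash)
                self.server.last_hash = record["sha256"]
                self.server.hardened.append(record)
            register_with_chainkit(record)
            self.server.events.append(to_splunk_event(record))


class HardeningServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, address):
        super().__init__(address, HardeningHandler)
        self.lock = threading.Lock()
        self.last_hash = GENESIS
        self.hardened: List[Dict[str, str]] = []
        self.events: List[str] = []


def send_logs(host: str, port: int, lines: List[str]) -> None:
    """What the user does in step 2, e.g. `nc splunk-host 1234 < app.log`."""
    with socket.create_connection((host, port)) as sock:
        sock.sendall(("\n".join(lines) + "\n").encode("utf-8"))


def run_demo(lines: List[str], host: str = "127.0.0.1", port: int = 0) -> List[Dict[str, str]]:
    """Start a receiver (port 0 = ephemeral; the plugin uses 1234), push the lines,
    handle that one connection and return the hardened records."""
    server = HardeningServer((host, port))
    try:
        send_logs(server.server_address[0], server.server_address[1], lines)
        server.handle_request()  # accept the queued connection; handler runs in a worker
    finally:
        server.server_close()  # joins the worker thread before returning
    return server.hardened


SAMPLE_LOGS = [  # constructed sample input, not real data
    "2021-08-20T10:00:01Z sshd[1041]: Accepted publickey for deploy from 10.0.0.5 port 51522",
    "2021-08-20T10:00:07Z sudo: deploy : TTY=pts/0 ; COMMAND=/bin/systemctl restart app",
    "2021-08-20T10:00:09Z app[2231]: config reloaded",
]

if __name__ == "__main__":
    recs = run_demo(SAMPLE_LOGS)
    print("chain intact:", verify_chain(recs))
    tampered = [dict(r) for r in recs]
    tampered[1]["raw"] = tampered[1]["raw"].replace("restart", "stop")
    print("chain intact after edit:", verify_chain(tampered))
```

The lock around the chain update matters once more than one sender connects: without it two worker threads could both read the same `last_hash`, producing two records with the same predecessor and a fork that `verify_chain` would reject.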