Send alerts to Splunk

Configure the Splunk app to send alerts directly to Splunk.

Written by Audrey Garcia
Updated over 5 months ago

Beacon is now Guard Detect, which is part of Atlassian Guard.

The Guard Detect Add-on for Splunk is a powerful integration that enables you to index alerts in Splunk. With the add-on, we meet you where you work; alerting you to potential threats in your Atlassian cloud environment.

Step 1: Install the app

The way you install the app will depend on your Splunk deployment:

Remember to restart your Splunk instance after installing the app to make sure it functions correctly.

Step 2: Add your API token

You will need to create an API token in your Atlassian Account to connect the Splunk app. See how to create an API token in Atlassian Account.

To create and add your API token:

  1. Click Create API token.

  2. Enter a name for the token. Make a note of the name; you’ll need it later.

  3. Copy the API token; you’ll need it later.

  4. In Splunk, select Apps > Guard Detect Add-on for Splunk.

  5. Select Add.

  6. Enter a name for the API token configuration.

  7. Enter your email address (for the Atlassian Account used to create the token).

  8. Enter the API token you created earlier.

  9. Select Add to save the configuration.

Step 3: Add Guard Detect as a new input

Next you need to add Guard Detect as an input.

To add an input:

  1. In Splunk, select Apps > Guard Detect Add-on for Splunk.

  2. Select the Input tab.

  3. Select Create new input.

  4. Select the API token you created in the previous step.

  5. Enter the Guard Detect workspace URL in the format https://detect-domain/w/your-workspace/alerts

  6. Enter a Name for the input.

  7. Set the Interval, in seconds, at which the scripted input runs.

  8. Select which Index to send alert data to.

  9. Specify a custom source tag for the alert data. This is optional.

Step 4: Check the input

To check the integration is working correctly:

  1. In Splunk, select Apps > Guard Detect Add-on for Splunk.

  2. Select the Input Health tab.

  3. Check for any errors. If the integration is working you should see an input ran successfully message.

The app will now continuously monitor for and index new Guard Detect alerts in near real-time. How often this happens will depend on the interval you specified in the input configuration.

Step 5: Send a test alert

To send a test alert:

  1. In Guard Detect, go to Integrations > SIEM forwarding.

  2. Select Send test alert.

If the integration is working you should be able to search for the test alert.
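As an added example (not part of the original article or the add-on itself), the following Splunk search confirms that events from the input are reaching the index chosen in Step 3 and shows how long ago the most recent one arrived. The index name guard_detect is a placeholder for whichever index you selected; the source and sourcetype values are whatever the add-on and your optional custom source tag produce, so the search groups by them rather than assuming their names.

```spl
index=guard_detect earliest=-24h
| stats count latest(_time) as last_seen by source, sourcetype
| eval minutes_since_last_event=round((now()-last_seen)/60)
| sort - last_seen
```

Run it a little after sending the test alert: the test event should appear as a row whose minutes_since_last_event is no larger than the interval you set on the input. If you set a custom source tag in Step 3, add source="<your tag>" to the first line to narrow the search to this input alone.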
