Before you begin configuring the Splunk Integration within Cyara, Splunk needs to be set up correctly.
Setting up the Splunk Event Collector
Read our detailed Event Collector Setup instructions before you begin building the Splunk Integration in Cyara.
For more information, see Adding an Impersonation User.
Creating a Splunk Integration
Splunk is a platform monitoring tool that can be used to monitor various Cyara platform components, such as Pulse Dashboards.
To build an integration with Splunk, follow the steps below.
- Log in to your Cyara Portal.
- Click .
- Click the New Integration button.
- Select Splunk from the Type dropdown menu.
- Enter a Name and a Description for the integration.
- Select an Impersonation User to access the Cyara REST API.
- Select which Dashboard should be used as the source of monitoring data to push to Splunk. To push all your Pulse results, select Global Dashboard. Results will be sent to Splunk as soon as results are recorded.
- Enter the Splunk API Url for your Splunk environment, and an associated Authorization Token to access your Splunk Event Collector (see the document on setting up an Event Collector in Splunk).
- Click the New Event Field button and you will be prompted to enter a Field Name and Field Value.
- The Field Name will be attached to the event when pushed to Splunk.
- The Field Value can either be a constant or a template for the event field. See below for a list of Event Field Variables.
- Enter the Event Fields that you want to push to Splunk. After each has been entered, click Save Details.
Once the Integration has been saved, enable it by setting the toggle in the top right of the integration editing screen to Enabled.
Splunk Field Mapping Example
The following is an example field mapping that includes multiple Event Field Templates.
Field: Text
Value: Test case '$TestCaseName' completed '$Result'. View the full results at $Url
In this example, when a Test Case named "Test1" in Cyara completes successfully, the Text field in the generated Splunk event is populated with the following:
"Test case 'Test1' completed 'Successfully'. View the results at /Cyaraportal/
Log Aggregator Field Variables
The following table shows possible template values of fields to be pushed to Splunk. These fields can also use a static value instead of a template. A template can contain one or more replacement variables from the table below:
|The Url to the Portal Detailed Result page
|Test Result Category
|Service Group Name
|Failed Step Description
|Failed Step No
|Test Case Description
|Test Case Name
|Test Case Notes
|The full Test Result in json (failed only)
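
The Splunk API Url, Authorization Token and field mapping from the steps above can be checked against the Event Collector before the integration is enabled. The following is an added example, not code from Cyara or Splunk: it renders the mapping example and builds a Splunk HTTP Event Collector request from it. It assumes placeholders have the form `$Name`, that the URL is the full HEC event endpoint, and that the fields travel as a JSON `event` object (the payload Cyara actually sends is not described here); the `Environment` field, the sample values and the environment variable names are constructed.

```python
import json
import os
import re
import urllib.request

VAR = re.compile(r"\$([A-Za-z][A-Za-z0-9]*)")  # assumed placeholder syntax: $Name

# Field mapping from the example above, plus one constant field (constructed).
MAPPING = {
    "Text": "Test case '$TestCaseName' completed '$Result'. View the full results at $Url",
    "Environment": "production",
}
# Constructed sample values standing in for a real Pulse result.
SAMPLE = {"TestCaseName": "Test1", "Result": "Successfully",
          "Url": "https://cyara.example.com/results/1"}


def render_field(template, values):
    """Substitute $Variables; fail on a misspelled name instead of sending it verbatim."""
    unknown = sorted(set(VAR.findall(template)) - set(values))
    if unknown:
        raise ValueError(f"unknown template variable(s): {unknown}")
    return VAR.sub(lambda m: str(values[m.group(1)]), template)


def build_hec_request(api_url, token, mapping, values):
    """Build (but do not send) an HTTP Event Collector POST carrying the rendered fields."""
    if not api_url.lower().startswith("https://"):
        raise ValueError("refusing to send the HEC token over a non-TLS URL")
    event = {name: render_field(tmpl, values) for name, tmpl in mapping.items()}
    return urllib.request.Request(
        api_url, method="POST", data=json.dumps({"event": event}).encode(),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    url = os.environ.get("SPLUNK_HEC_URL")  # e.g. https://<host>:8088/services/collector/event
    token = os.environ.get("SPLUNK_HEC_TOKEN")
    req = build_hec_request(url or "https://splunk.example.com:8088/services/collector/event",
                            token or "<token>", MAPPING, SAMPLE)
    print(req.data.decode())
    if url and token:  # Splunk is contacted only when both variables are set
        with urllib.request.urlopen(req, timeout=10) as resp:
            print(resp.status, resp.read().decode())
```

With both variables set, a rejected token surfaces as an `HTTPError` from `urlopen`, so a bad Authorization Token is caught before it is saved in the integration.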