This content is being deprecated.
Please see our new Kisi Docs portal at docs.kisi.io
Relevant section: Splunk
Integration with Splunk is possible by leveraging Event Webhooks.
When working with webhooks, some services require transformation or formatting of the data before it can be used. In these cases, it's possible to use a combination of Kisi's external webhook integration alongside a script or service that can accept the raw event data, then format and POST it to a secondary address.
In this example, we will demonstrate forwarding events from Kisi into Splunk Cloud. Splunk Cloud only accepts data into an index when the request includes a token in its Authorization header. Because the Kisi Webhook integration does not support custom headers, we'll be using an intermediate service called Zapier to capture and resend the data in the format Splunk expects.
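For comparison, here is the same relay step done by a self-hosted script instead of Zapier; this is an added example, not code from Kisi's documentation. It accepts the webhook POST, checks that the body is JSON, and forwards it unchanged to the collector URL with the token in the Authorization header. The environment variable names, size limit and listening port are assumptions.

```python
import json
import os
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

MAX_BODY = 64 * 1024  # assumed upper bound for one event payload


def build_hec_request(raw_body: bytes, collector_url: str, token: str) -> urllib.request.Request:
    """Wrap a raw webhook body in the POST that the HEC raw endpoint expects."""
    if urlparse(collector_url).scheme != "https":
        raise ValueError("collector URL must be https so the token is never sent in clear text")
    if not token:
        raise ValueError("HEC token is empty")
    if len(raw_body) > MAX_BODY:
        raise ValueError("payload too large")
    json.loads(raw_body)  # raises ValueError if the body is not JSON
    return urllib.request.Request(
        collector_url,
        data=raw_body,
        method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )


class Relay(BaseHTTPRequestHandler):
    """Receives the Kisi Event Webhook and re-sends it with the header Splunk requires."""

    def do_POST(self):
        try:
            length = max(0, int(self.headers.get("Content-Length", 0)))
            body = self.rfile.read(min(length, MAX_BODY + 1))
            # Token and URL come from the environment (variable names are assumptions).
            req = build_hec_request(body, os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"])
            with urllib.request.urlopen(req, timeout=10) as resp:
                status = resp.status
        except ValueError:
            status = 400  # rejected before anything was sent to Splunk
        except (KeyError, OSError):
            status = 502  # relay not configured, or Splunk unreachable / refused the token
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Listens on loopback only; publish it through a TLS-terminating reverse proxy.
    HTTPServer(("127.0.0.1", 8080), Relay).serve_forever()
```

Keeping the token in the relay's environment means it never appears in the Kisi integration settings or in the webhook URL.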
Create Splunk Token
To create a Splunk Token:
- Sign in to your Splunk instance
- Under Settings/Data inputs, create a new HTTP Event Collector
- Choose a name, then click Next
- For Input Settings, under the Index section, choose the default index where the Kisi data should appear. Select Review when done.
- On the final page of the setup, you'll see the message "Token has been created successfully". This token value will be used in the Authorization header of the Zapier setup below.
Set up Zapier Trigger
To set up the Zapier trigger:
- Sign in to Zapier
- Click on Make a Zap and choose Webhooks by Zapier as the Trigger
- Choose Catch Hook as the Trigger Event
- Click Continue
- In the next area, you're presented with a Custom Webhook URL. Copy this address, and navigate to your Kisi Admin app
Create Kisi Webhook
To create a Webhook integration:
- Sign in to your Kisi account
- Select your Kisi Place
- Under Setup, click on Integrations and then Add Integration
- Enter a friendly name for your integration, and choose Event Webhook from the Type dropdown menu
- In the URL field, enter the destination URL copied from Zapier
- Click Save
Set up Zapier Action
To complete the Zap:
- Return to Zapier and click Continue. You can test the trigger and verify it can read any recent Kisi events
- Click Continue and move on to Step 2 (Action setup)
- Choose Webhooks by Zapier and set the Action Event to Custom Request
- Click Continue
- Under Set up action, choose POST as the Method, and enter the collector URL for your Splunk Cloud instance, for example:
https://<instancename>.splunkcloud.com:8088/services/collector/raw
- Enable Data Pass-Through, and add an Authorization header using the token you generated in your Splunk Cloud Admin setup
- Choose Continue and test the Zap or turn it on. New events in Kisi will be sent to the Catch Hook, which then POSTs them to Splunk. You can verify this in Splunk by searching the index configured for Kisi events: