This content is being deprecated.
Please see our new Kisi Docs portal at docs.kisi.io
Relevant section: Splunk
Integration with Splunk is possible by leveraging Event Webhooks.
When working with webhooks, some services require transformation or formatting of the data before it can be used. In these cases, it's possible to use a combination of Kisi's external webhook integration alongside a script or service that can accept the raw event data, then format and POST it to a secondary address.
In this example, we will demonstrate forwarding events from Kisi into Splunk Cloud. Splunk Cloud requires an authorization header token to be included in any requests to successfully enter data into an index. Because the Kisi Webhook integration does not support custom headers, we'll be using an intermediate service called Zapier to capture and resend the data in the format Splunk expects.
Create Splunk Token
To create a Splunk Token:
- Sign in to your Splunk instance
- Under Settings/Data inputs, create a new HTTP Event Collector
- Choose a name, then click Next
- For Input Settings, under the Index section, choose the default index where the Kisi data should appear. Select Review when done.
- On the final page of the setup, you'll see Token has been created successfully. This value will be used in the Authentication header of the Zapier setup below.
Set up Zapier Trigger
To set up the Zapier trigger:
- Sign in to Zapier
- Click on Make a Zap and choose Webhooks by Zapier as the Trigger
- Choose Catch Hook as the Trigger Event
- Click Continue
- In the next area, you're presented with a Custom Webhook URL. Copy this address, and navigate to your Kisi Admin app
Create Kisi Webhook
To create a Webhook integration:
- Sign in to your Kisi account
- Select your Kisi Place
- Under Setup, click on Integrations and then Add Integration
- Enter a friendly name for your integration, and choose Event Webhook from the Type dropdown menu
- In the URL field, enter the destination URL copied from Zapier
- Click Save
Set up Zapier Action
To complete the Zap:
- Return to Zapier and click Continue. You can test the trigger and verify it can read any recent Kisi events
- Click Continue and move on to Step 2 (Action setup)
- Choose Webhooks by Zapier, make the Action Event Custom Request
- Click Continue.
- Under Set up action, choose POST as the Method, and enter the collector URL for your Splunk Cloud instance, for example
- Enable Data Pass-Through, and add an Authorization header using the token you generated in your Splunk Cloud Admin setup
- Choose Continue and test the Zap or turn it on. New events in Kisi will trigger to the catch webhook, then POST to Splunk. You can verify this in Splunk by searching the index configured for Kisi events: