# Splunk
**How it works:**

1. You add your Splunk username and password on the integration page in Neptune.
2. Attach a `GET_LOGS` action to any of your Neptune rules to get logs from your Splunk account.
3. Every time the Neptune rule is triggered, Neptune pulls the logs from Splunk and makes them available to you.

**Benefits:** Once integrated, Neptune can query Splunk for logs matching given search patterns and attach them to any of your Neptune rules. Logs can help you diagnose issues faster.

* Grep for the requests causing 5xx errors in response to a high error rate alert.
* Query all the logs with error information when your API calls are timing out.
* Get a quick snapshot of API times when application performance is degraded.

## Step 1: Go to your integrations page to get started with Splunk integration.

[Screenshot: Splunk Integration]

## Step 2: Add Splunk username and password with endpoint in Neptune integration page.

Make sure you enter the correct endpoint and admin port. If you get a 303 error, you have likely entered only the web portal endpoint, not the admin (aka splunkd) port.

Refer to this Splunk forum thread for troubleshooting:
https://answers.splunk.com/answers/13940/receiving-an-http-303-see-other-response-from-splunk-server-using-the-api.html

[Screenshot: Add Splunk integration]

**That's it! Splunk integration is done. Now you can get logs from Splunk with the steps below.**

## Step 3: Attach an action to get logs from Splunk to any of Neptune rules

To any of your Neptune rules, add a new `GET_LOGS` action with Splunk as the target. Use the existing Splunk runbook and tweak it for your purposes.

[Screenshot: Add Neptune webhook in Papertrail]
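To check the endpoint from Step 2 before saving it, the following added example (not Neptune's or Splunk's own code) sends one login request to splunkd's `/services/auth/login` resource without following redirects and tells a 303 from the web port apart from a rejected login. The names `diagnose` and `probe` are hypothetical, and the sample responses are constructed.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

LOGIN_PATH = "/services/auth/login"  # splunkd REST login resource


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 303 instead of silently following it


def diagnose(status, headers, body):
    """Classify one response to POST /services/auth/login (hypothetical helper)."""
    if status in (301, 302, 303, 307, 308):
        target = headers.get("Location", "unknown")
        return f"web-port: redirected to {target}; enter the splunkd port instead"
    if status == 401:
        return "bad-credentials: splunkd answered but rejected the login"
    if status == 200:
        try:
            parsed = json.loads(body)
        except ValueError:  # HTML or empty body: not a splunkd reply
            parsed = None
        if isinstance(parsed, dict) and parsed.get("sessionKey"):
            return "ok: splunkd issued a session key"
        return "unexpected: 200 without a sessionKey"
    return f"unexpected: HTTP {status}"


def probe(endpoint, username, password, timeout=10):
    """Send a single login request to `endpoint`; TLS verification stays on."""
    form = {"username": username, "password": password, "output_mode": "json"}
    opener = urllib.request.build_opener(_NoRedirect)
    url = endpoint.rstrip("/") + LOGIN_PATH
    try:
        with opener.open(url, urllib.parse.urlencode(form).encode(), timeout) as resp:
            return diagnose(resp.status, resp.headers, resp.read())
    except urllib.error.HTTPError as err:
        return diagnose(err.code, err.headers, err.read())


# Constructed sample responses, not captured from a real server.
SAMPLE_WEB = (303, {"Location": "/en-US/services/auth/login"}, b"")
SAMPLE_OK = (200, {}, b'{"sessionKey": "CONSTRUCTED-KEY"}')
SAMPLE_DENIED = (401, {}, b'{"messages": [{"type": "WARN", "text": "Login failed"}]}')
```

Call `probe("https://splunk.example.com:8089", user, password)` with the values you plan to enter in Neptune; the hostname is a placeholder and 8089 is splunkd's default management port.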