Set up a Splunk connector
Why does this connector look different from most others? This connector leverages the Baton connector for Splunk, an open-source connector developed by ConductorOne.
Are you a Splunk Cloud user? This page has instructions for integrating ConductorOne with Splunk Enterprise. If you want to integrate ConductorOne with your Splunk Cloud instance, follow the instructions in the Splunk connector’s README file.
Capabilities
Sync user identities from Splunk Enterprise to ConductorOne
Resources supported:
- Deployments
- Roles
- Capabilities
- Applications
Integrate your Splunk Enterprise connector
Before you begin:
Prepare a Splunk Enterprise image for the
baton-splunk
connector by following the Splunk Enterprise documentation to Deploy and run Splunk Enterprise inside a Docker container. Note that the Splunk Docker image only supports x86_64 CPU architecture.Make sure that token authentication is enabled for your Splunk Enterprise instance.
Step 1: Generate an API token
Splunk Enterprise authentication tokens inherit the same permission set as the user associated with the token. Make sure that the user associated with the token you create has permission to read all users, roles, deployments, capabilities, and applications for your instance.
If you want to create tokens for yourself, your account must have a role that has the edit_tokens_own
capability. If you want to create tokens for another user on the instance (such as a service account), your account must have a role that has the edit_tokens_all
capability.
Sign into Splunk Enterprise.
Click Settings and select Tokens from the menu.
If necessary, click Enable Token Authentication.
On the Tokens page, click New Token.
Fill out the form and click Create.
The token is generated. Carefully copy and save the token value. We’ll use it in Step 2.
Step 2: Install baton-splunk
Run the Docker command shown below to install
baton-splunk
, substituting in the required credentials (see thebaton-splunk
repo’s README for details).SPLUNK_ADMIN_PASSWORD=admin_pass BATON_TOKEN=token BATON_UNSAFE=true docker-compose up
The instance comes with TLS disabled by default. To bypass validation of TLS certificates, set
BATON_UNSAFE
environment variable totrue
or use the--unsafe
flag.To gain more verbose output, set the
BATON_VERBOSE
environment variable totrue
or use the--verbose
flag. This mode lists Application and Capability entitlements and grants.
Step 3: Set up the Splunk connector in ConductorOne
This step requires the Connector Administrator or Super Administrator role in ConductorOne.
In ConductorOne, click Connectors > Add connector.
Search for Baton and click Add.
Choose whether to add the Splunk connector to an existing application in ConductorOne (and select the app of your choice) or to create a new Baton application.
Once the connection is established between Splunk Enterprise and ConductorOne, the new application’s name will automatically change from Baton to Splunk.
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.
Click Next.
If you selected someone else as the connector owner, that person will be notified to take over this process from this point.
Find the Settings area of the page and click Edit.
Click Rotate to generate a new set of credentials. Carefully copy the Client ID and Secret. You’ll use them in Step 4.
Step 4: Add credentials to your Splunk connector
On the server where your the Splunk is running, pass in the Client ID and Secret generated in Step 3 by running
--client-id <CLIENT ID> --client-secret <SECRET>
.Run
baton-splunk --help
to see the list of flags to be used when passing your credentials to the connector.The connector syncs current data, uploads it to ConductorOne, and prints a
Task complete!
message when finished.Check that the connector data uploaded correctly. In ConductorOne, click Applications. On the Managed apps tab, locate and click the name of the application you added the Splunk connector to. Splunk data should be found on the Groups, Roles, Resources, and Accounts tabs, as appropriate.
Now that baton-splunk
is installed and the connector is set up, Baton runs as a service in your environment. The service maintains contact with ConductorOne, syncs and uploads data at regular intervals, and passes that data to the ConductorOne UI, where you and your colleagues can use it to run access reviews and facilitate access requests for the application.