Splunk Enterprise Security

The Splunk Enterprise Security data source type collects alerts that are forwarded from Splunk Enterprise Security.

To integrate Splunk Enterprise Security with the QRadar® product, complete the following steps:
  1. Configure your Splunk Enterprise Security platform to send alerts to the QRadar product. For more information, see Configuring Splunk Enterprise Security to communicate with the QRadar product.
  2. Add a Splunk Enterprise Security data source.

    When you configure the data source, use the Universal Cloud REST API connector to pull alerts from Splunk Enterprise Security.

    For more information about adding a data source, see Adding ingestion data sources.

  3. If you want to enable federated search for your Splunk Enterprise Security platform, configure a connection to the data source. For more information, see Connecting data sources for federated search and querying.

If you are an IBM® QRadar user, see Terminology changes for QRadar customers.