You can use a <a href="https://help.cmd.com/en/articles/3397586-custom-webhooks-setup-overview" rel="nofollow noopener noreferrer" target="_blank">webhook</a> to automatically send Cmd alerts to Splunk HTTP Event Collectors (HECs). You can customize the webhook to select which <a href="https://help.cmd.com/en/articles/3396547-cmd-webhook-cql-properties-glossary" rel="nofollow noopener noreferrer" target="_blank">CQL properties</a> to send.

Custom webhooks must first be <a href="https://help.cmd.com/en/articles/3396609-global-integration-permissions" rel="nofollow noopener noreferrer" target="_blank">globally enabled</a> by a <a href="https://help.cmd.com/en/articles/3396524-types-of-user-accounts" rel="nofollow noopener noreferrer" target="_blank">global administrator</a>.

You need access to <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector" rel="nofollow noopener noreferrer" target="_blank">Splunk Cloud</a> to use the HTTP event collector.

- Custom webhooks must first be <a href="https://help.cmd.com/en/articles/3396609-global-integration-permissions" rel="nofollow noopener noreferrer" target="_blank">globally enabled</a> by a <a href="https://help.cmd.com/en/articles/3396524-types-of-user-accounts" rel="nofollow noopener noreferrer" target="_blank">global administrator</a>. 
- You need access to <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector" rel="nofollow noopener noreferrer" target="_blank">Splunk Cloud</a> to use the HTTP event collector.

Follow Splunk's guide to <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector" rel="nofollow noopener noreferrer" target="_blank">set up an HEC</a>, and as you do:

set the Source type to "_json"; and,

do not use <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/AboutHECIDXAck" rel="nofollow noopener noreferrer" target="_blank">indexer acknowledgement</a> .

- set the Source type to "_json"; and,
- do not use <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/AboutHECIDXAck" rel="nofollow noopener noreferrer" target="_blank">indexer acknowledgement</a> .

Open the drop-down menu in the top-right.

Select Project &amp; app settings.

On the left-hand menu, under 'Project settings', select Integrations preferences.

Click Add integration in the top-right corner.

In the pop-up, name your integration (e.g., "Splunk 1").

Under "Webhook URL", enter <code> https://jthaim7ka5.execute-api.us-west-2.amazonaws.com/api/forwarder </code> .

Under "Custom JSON to send", enter the following:

1. Open the drop-down menu in the top-right.
2. Select Project &amp; app settings.
3. On the left-hand menu, under 'Project settings', select Integrations preferences.
4. Select Webhook.
5. Click Add integration in the top-right corner.
6. In the pop-up, name your integration (e.g., "Splunk 1").
7. Under "Webhook URL", enter <code> https://jthaim7ka5.execute-api.us-west-2.amazonaws.com/api/forwarder </code> .
8. Under "Custom JSON to send", enter the following:

{   "splunk_endpoint_url": "[URL]",   "splunk_http_key": "[KEY]" }

Replace <code> [URL] </code>  with <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector" rel="nofollow noopener noreferrer" target="_blank">the correct HEC URI</a> for your Splunk implementation. Use the <code> /services/collector/raw </code> endpoint.

Replace <code> [KEY] </code>  with your HEC's 'token value'.

- Replace <code> [URL] </code>  with <a href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector" rel="nofollow noopener noreferrer" target="_blank">the correct HEC URI</a> for your Splunk implementation. Use the <code> /services/collector/raw </code> endpoint.
- Replace <code> [KEY] </code>  with your HEC's 'token value'.

You can now test the integration by copying the curl command and executing it in your terminal. Once executed, you will receive an example alert in Splunk.

Now, you can add Splunk alerts to any of <a href="https://help.cmd.com/en/articles/3396523-an-overview-of-cmd-triggers" rel="nofollow noopener noreferrer" target="_blank">your triggers</a>.

An overview of <a href="https://help.cmd.com/en/articles/3431126-third-party-integrations-overview" rel="nofollow noopener noreferrer" target="_blank">third party integrations</a>

- An overview of <a href="https://help.cmd.com/en/articles/3431126-third-party-integrations-overview" rel="nofollow noopener noreferrer" target="_blank">third party integrations</a>

Splunk setup

Cmd setup

Splunk setup

Cmd setup

Related resources