Splunk Integration

1. Create an HTTP Event Collector endpoint

The first step is to create an HTTP Event Collector endpoint. The instructions to create an endpoint vary slightly depending on the type of Splunk installation you’re configuring. See Splunk’s documentation on creating an HTTP Event Collector for a complete walkthrough.

2. Copy the HTTP Event Collector token value

Once you have completed creating an HTTP Event Collector, you can copy the HTTP Event Collector token value. Save this value in a safe place; you will need it to configure ScreenConnect.

3. Construct the HTTP Event Collector URI

The HTTP Event Collector URI gives the integration the location of the HTTP Event Collector that you created in the previous step. Depending on your Splunk installation, it can be constructed differently.

For our Splunk Cloud instance, our URI is:

https://myinstance.splunkcloud.com:8088/services/collector

See Splunk’s documentation and contact your Splunk admin if you have additional questions about constructing the HTTP Event Collector URI.

1. Navigate to your ScreenConnect instance

2. Navigate to the Administration > Extensions page

3. Click Browse Extension Marketplace

4. Search for the Splunk Integration

5. Select the extension and click Install

1. Navigate to your ScreenConnect instance's Administration > Extensions page

2. Click the Extras menu in the navigation column and select Configure Splunk Integration

3. Enter the Splunk HTTP Event Collector information

Enter the HTTP Event Collector URI and HTTP Event Collector Token from the previous steps.

4. Select the event types to send to Splunk

Select the session events and security event types that you want to send to Splunk. By default, all events are sent to Splunk. Click All Events to open a selection panel. Click an event to deselect it.

5. Click Save to save your changes and close the dialog