Connect to Splunk Data in ACL Analytics

ACL Analytics, part of Diligent HighBond, is a powerful data analysis software primarily used for audit, risk management, and compliance. It enables professionals to examine and analyze large volumes of data to identify anomalies, trends, and potential risks or fraudulent activities.

CData Connect Cloud offers a dedicated cloud-to-cloud interface for Splunk, enabling analytics directly from live Splunk data within ACL Analytics, all without the need for data replication to a native database. With its inherent optimized data processing capabilities, CData Connect Cloud efficiently channels all supported SQL operations, including filters and JOINs, directly to Splunk. This leverages server-side processing to swiftly deliver the requested Splunk data.

Configure Splunk Connectivity for ACL Analytics

Connectivity to Splunk from ACL Analytics is made possible through CData Connect Cloud. To work with Splunk data from ACL Analytics, we start by creating and configuring a Splunk connection in CData Connect Cloud.

1. Log into Connect Cloud, click Sources, and then click Add Connection

2. Select "Splunk" from the Add Connection panel

3. Enter the necessary authentication properties to connect to Splunk. Enter the necessary authentication properties to connect to Splunk.

   To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

   The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

   If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

   
4. Click Create & Test
5. Navigate to the Permissions tab in the Add Splunk Connection page and update the User-based permissions.

Add a Personal Access Token

When connecting to Connect Cloud through the REST API, the OData API, or the Virtual SQL Server, a Personal Access Token (PAT) is used to authenticate the connection to Connect Cloud. It is best practice to create a separate PAT for each service to maintain granularity of access.

1. Click on the Gear icon () at the top right of the Connect Cloud app to open the settings page.
2. On the Settings page, go to the Access Tokens section and click Create PAT.
3. Give the PAT a name and click Create.
4. The personal access token is only visible at creation, so be sure to copy it and store it securely for future use.

With the connection configured and a PAT generated, you are ready to connect to Splunk data from ACL Analytics.

Connect to Splunk from ACL Analytics

The steps below outline connecting to CData Connect Cloud from ACL Analytics to create a new Splunk data source. The CData Connect Cloud Virtual SQL Server allows you to establish a connection to your data from integration tools that support connections to SQL servers. The Virtual SQL Server mimics the behavior of a traditional SQL server, and it supports a range of query options.

1. With your Analytics File open, select 'Import' --> 'Database and application'
2. Create a new SQL Server connection
3. Set the connection information
   • Server: tds.cdata.com
   • Port: 14333
   • Auth Scheme: Password
   • Username: a Connect Cloud user, for example, [email protected]
   • Password: the PAT for the above Connect Cloud user
   • Database: the name of your Splunk connection, for example, Splunk1
   
4. Click "Test Connection"
5. Click "OK"
6. You are now ready to work with your Splunk data in ACL Analytics!

Live connections to Splunk data from your applications

ACL Analytics can now connect to live Splunk data directly through Connect Cloud, allowing you to analyze Splunk data without duplicating it.

To get live data access to 100+ SaaS, Big Data, and NoSQL sources directly from your applications, try CData Connect Cloud today!