---
title: Splunk
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-splunk
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-splunk.html
section_ids:
sec-amster-entity-splunk-realm-ops: Realm Operations
sec-amster-entity-splunk-realm-ops-create: create
sec-amster-entity-splunk-realm-ops-delete: delete
sec-amster-entity-splunk-realm-ops-getalltypes: getAllTypes
sec-amster-entity-splunk-realm-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-splunk-realm-ops-nextdescendents: nextdescendents
sec-amster-entity-splunk-realm-ops-query: query
sec-amster-entity-splunk-realm-ops-read: read
sec-amster-entity-splunk-realm-ops-update: update
sec-amster-entity-splunk-global-ops: Global Operations
sec-amster-entity-splunk-global-ops-create: create
sec-amster-entity-splunk-global-ops-delete: delete
sec-amster-entity-splunk-global-ops-getalltypes: getAllTypes
sec-amster-entity-splunk-global-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-splunk-global-ops-nextdescendents: nextdescendents
sec-amster-entity-splunk-global-ops-query: query
sec-amster-entity-splunk-global-ops-read: read
sec-amster-entity-splunk-global-ops-update: update
---
# Splunk
## Realm Operations
Resource path:
```
/realm-config/services/audit/Splunk
```
Resource version: `0.0`
### create
**Usage**
```
am> create Splunk --realm Realm --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"commonHandler" : {
"type" : "object",
"title" : "General Handler Configuration",
"propertyOrder" : 0,
"properties" : {
"topics" : {
"title" : "Topics",
"description" : "List of topics handled by an audit event handler.",
"propertyOrder" : 200,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
},
"enabled" : {
"title" : "Enabled",
"description" : "Enables or disables an audit event handler.",
"propertyOrder" : 100,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
}
}
},
"splunkConfig" : {
"type" : "object",
"title" : "Splunk Configuration",
"propertyOrder" : 2,
"properties" : {
"port" : {
"title" : "Server Port",
"description" : "Port number of Splunk server.",
"propertyOrder" : 400,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"host" : {
"title" : "Server Hostname",
"description" : "Host name or IP address of Splunk server.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authzToken" : {
"title" : "Authorization Token",
"description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"sslEnabled" : {
"title" : "SSL Enabled",
"description" : "Use HTTPS protocol for communication with Splunk.",
"propertyOrder" : 500,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
}
}
},
"commonHandlerPlugin" : {
"type" : "object",
"title" : "Audit Event Handler Factory",
"propertyOrder" : 1,
"properties" : {
"handlerFactory" : {
"title" : "Factory Class Name",
"description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement org.forgerock.openam.audit.AuditEventHandlerFactory.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
},
"splunkBuffering" : {
"type" : "object",
"title" : "Buffering",
"propertyOrder" : 3,
"properties" : {
"maxEvents" : {
"title" : "Queue Capacity",
"description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
"propertyOrder" : 700,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"writeInterval" : {
"title" : "Write interval (in milliseconds)",
"description" : "Interval at which buffered events are written to Splunk.",
"propertyOrder" : 800,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"batchSize" : {
"title" : "Batch Size",
"description" : "Maximum number of events that can be buffered (default: 10000).",
"propertyOrder" : 600,
"required" : true,
"type" : "integer",
"exampleValue" : ""
}
}
}
}
}
```
### delete
**Usage**
```
am> delete Splunk --realm Realm --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action Splunk --realm Realm --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action Splunk --realm Realm --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action Splunk --realm Realm --actionName nextdescendents
```
### query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
**Usage**
```
am> query Splunk --realm Realm --filter filter
```
**Parameters**
* *\--filter*
A CREST formatted query filter, where "true" will query all.
### read
**Usage**
```
am> read Splunk --realm Realm --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### update
**Usage**
```
am> update Splunk --realm Realm --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"commonHandler" : {
"type" : "object",
"title" : "General Handler Configuration",
"propertyOrder" : 0,
"properties" : {
"topics" : {
"title" : "Topics",
"description" : "List of topics handled by an audit event handler.",
"propertyOrder" : 200,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
},
"enabled" : {
"title" : "Enabled",
"description" : "Enables or disables an audit event handler.",
"propertyOrder" : 100,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
}
}
},
"splunkConfig" : {
"type" : "object",
"title" : "Splunk Configuration",
"propertyOrder" : 2,
"properties" : {
"port" : {
"title" : "Server Port",
"description" : "Port number of Splunk server.",
"propertyOrder" : 400,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"host" : {
"title" : "Server Hostname",
"description" : "Host name or IP address of Splunk server.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"authzToken" : {
"title" : "Authorization Token",
"description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"sslEnabled" : {
"title" : "SSL Enabled",
"description" : "Use HTTPS protocol for communication with Splunk.",
"propertyOrder" : 500,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
}
}
},
"commonHandlerPlugin" : {
"type" : "object",
"title" : "Audit Event Handler Factory",
"propertyOrder" : 1,
"properties" : {
"handlerFactory" : {
"title" : "Factory Class Name",
"description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement org.forgerock.openam.audit.AuditEventHandlerFactory.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
},
"splunkBuffering" : {
"type" : "object",
"title" : "Buffering",
"propertyOrder" : 3,
"properties" : {
"maxEvents" : {
"title" : "Queue Capacity",
"description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
"propertyOrder" : 700,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"writeInterval" : {
"title" : "Write interval (in milliseconds)",
"description" : "Interval at which buffered events are written to Splunk.",
"propertyOrder" : 800,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"batchSize" : {
"title" : "Batch Size",
"description" : "Maximum number of events that can be buffered (default: 10000).",
"propertyOrder" : 600,
"required" : true,
"type" : "integer",
"exampleValue" : ""
}
}
}
}
}
```
## Global Operations
Resource path:
```
/global-config/services/audit/Splunk
```
Resource version: `1.0`
### create
**Usage**
```
am> create Splunk --global --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"splunkBuffering" : {
"type" : "object",
"title" : "Buffering",
"propertyOrder" : 3,
"properties" : {
"batchSize" : {
"title" : "Batch Size",
"description" : "Maximum number of events that can be buffered (default: 10000).",
"propertyOrder" : 600,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"writeInterval" : {
"title" : "Write interval (in milliseconds)",
"description" : "Interval at which buffered events are written to Splunk.",
"propertyOrder" : 800,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"maxEvents" : {
"title" : "Queue Capacity",
"description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
"propertyOrder" : 700,
"required" : true,
"type" : "integer",
"exampleValue" : ""
}
}
},
"splunkConfig" : {
"type" : "object",
"title" : "Splunk Configuration",
"propertyOrder" : 2,
"properties" : {
"sslEnabled" : {
"title" : "SSL Enabled",
"description" : "Use HTTPS protocol for communication with Splunk.",
"propertyOrder" : 500,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
},
"port" : {
"title" : "Server Port",
"description" : "Port number of Splunk server.",
"propertyOrder" : 400,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"authzToken" : {
"title" : "Authorization Token",
"description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"host" : {
"title" : "Server Hostname",
"description" : "Host name or IP address of Splunk server.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
},
"commonHandler" : {
"type" : "object",
"title" : "General Handler Configuration",
"propertyOrder" : 0,
"properties" : {
"enabled" : {
"title" : "Enabled",
"description" : "Enables or disables an audit event handler.",
"propertyOrder" : 100,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
},
"topics" : {
"title" : "Topics",
"description" : "List of topics handled by an audit event handler.",
"propertyOrder" : 200,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
}
}
},
"commonHandlerPlugin" : {
"type" : "object",
"title" : "Audit Event Handler Factory",
"propertyOrder" : 1,
"properties" : {
"handlerFactory" : {
"title" : "Factory Class Name",
"description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement org.forgerock.openam.audit.AuditEventHandlerFactory.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
}
}
}
```
### delete
**Usage**
```
am> delete Splunk --global --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action Splunk --global --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action Splunk --global --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action Splunk --global --actionName nextdescendents
```
### query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
**Usage**
```
am> query Splunk --global --filter filter
```
**Parameters**
* *\--filter*
A CREST formatted query filter, where "true" will query all.
### read
**Usage**
```
am> read Splunk --global --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### update
**Usage**
```
am> update Splunk --global --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"splunkBuffering" : {
"type" : "object",
"title" : "Buffering",
"propertyOrder" : 3,
"properties" : {
"batchSize" : {
"title" : "Batch Size",
"description" : "Maximum number of events that can be buffered (default: 10000).",
"propertyOrder" : 600,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"writeInterval" : {
"title" : "Write interval (in milliseconds)",
"description" : "Interval at which buffered events are written to Splunk.",
"propertyOrder" : 800,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"maxEvents" : {
"title" : "Queue Capacity",
"description" : "Maximum number of audit evens in the batch queue; additional events are dropped.",
"propertyOrder" : 700,
"required" : true,
"type" : "integer",
"exampleValue" : ""
}
}
},
"splunkConfig" : {
"type" : "object",
"title" : "Splunk Configuration",
"propertyOrder" : 2,
"properties" : {
"sslEnabled" : {
"title" : "SSL Enabled",
"description" : "Use HTTPS protocol for communication with Splunk.",
"propertyOrder" : 500,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
},
"port" : {
"title" : "Server Port",
"description" : "Port number of Splunk server.",
"propertyOrder" : 400,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"authzToken" : {
"title" : "Authorization Token",
"description" : "Authorization token used to connect to Splunk HTTP Event Collector endpoint.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"format" : "password",
"exampleValue" : ""
},
"host" : {
"title" : "Server Hostname",
"description" : "Host name or IP address of Splunk server.",
"propertyOrder" : 300,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
},
"commonHandler" : {
"type" : "object",
"title" : "General Handler Configuration",
"propertyOrder" : 0,
"properties" : {
"enabled" : {
"title" : "Enabled",
"description" : "Enables or disables an audit event handler.",
"propertyOrder" : 100,
"required" : true,
"type" : "boolean",
"exampleValue" : ""
},
"topics" : {
"title" : "Topics",
"description" : "List of topics handled by an audit event handler.",
"propertyOrder" : 200,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
}
}
},
"commonHandlerPlugin" : {
"type" : "object",
"title" : "Audit Event Handler Factory",
"propertyOrder" : 1,
"properties" : {
"handlerFactory" : {
"title" : "Factory Class Name",
"description" : "The fully qualified class name of the factory responsible for creating the Audit Event Handler. The class must implement org.forgerock.openam.audit.AuditEventHandlerFactory.",
"propertyOrder" : null,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
}
}
}
}
```