Splunk Connection
The following guide shows you how to manage Splunk connections in your Lumar account. Splunk connections allow Lumar to import log data for log file analysis reports.
Creating a Splunk connection
Provide the Splunk API URL and credentials. Optionally configure a proxy.
- Mutation
- Variables
- Response
- cURL
mutation CreateSplunkConnection($input: CreateSplunkConnectionInput!) {
createSplunkConnection(input: $input) {
splunkConnection {
id
isWorking
proxyCode
customProxy
}
}
}
{
"input": {
"url": "https://splunk.example.com:8089",
"username": "splunk-api-user",
"password": "your-splunk-password"
}
}
{
"data": {
"createSplunkConnection": {
"splunkConnection": {
"id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x",
"isWorking": true,
"proxyCode": null,
"customProxy": null
}
}
}
}
curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"mutation CreateSplunkConnection($input: CreateSplunkConnectionInput!) { createSplunkConnection(input: $input) { splunkConnection { id isWorking proxyCode customProxy } } }","variables":{"input":{"url":"https://splunk.example.com:8089","username":"splunk-api-user","password":"your-splunk-password"}}}' https://api.lumar.io/graphql
Querying connections
Retrieve all Splunk connections for an account:
- Query
- Variables
- Response
- cURL
query GetSplunkConnections {
me {
splunkConnections(first: 10) {
nodes {
id
isWorking
customProxy
proxyCode
createdAt
}
totalCount
}
}
}
{}
{
"data": {
"me": {
"splunkConnections": {
"nodes": [
{
"id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x",
"isWorking": true,
"customProxy": null,
"proxyCode": null,
"createdAt": "2025-01-10T08:00:00.000Z"
}
],
"totalCount": 1
}
}
}
}
curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"query GetSplunkConnections { me { splunkConnections(first: 10) { nodes { id isWorking customProxy proxyCode createdAt } totalCount } } }","variables":{}}' https://api.lumar.io/graphql
Updating a connection
Update credentials, URL, or proxy settings:
- Mutation
- Variables
- Response
- cURL
mutation UpdateSplunkConnection($input: UpdateSplunkConnectionInput!) {
updateSplunkConnection(input: $input) {
splunkConnection {
id
isWorking
proxyCode
customProxy
}
}
}
{
"input": {
"splunkConnectionId": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x",
"proxyCode": "Custom",
"customProxy": "https://proxy.example.com:8080"
}
}
{
"data": {
"updateSplunkConnection": {
"splunkConnection": {
"id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x",
"isWorking": true,
"proxyCode": "Custom",
"customProxy": "https://proxy.example.com:8080"
}
}
}
}
curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"mutation UpdateSplunkConnection($input: UpdateSplunkConnectionInput!) { updateSplunkConnection(input: $input) { splunkConnection { id isWorking proxyCode customProxy } } }","variables":{"input":{"splunkConnectionId":"TjAxOFNwbHVua0Nvbm5lY3Rpb24x","proxyCode":"Custom","customProxy":"https://proxy.example.com:8080"}}}' https://api.lumar.io/graphql
Proxy configuration
If your Splunk instance is behind a firewall, you can configure a proxy:
- Set
proxyCodetoCustom. - Set
customProxyto your proxy URL (e.g.,https://proxy.example.com:8080).
When no proxy is needed, leave both fields as null.
Deleting a connection
Remove a Splunk connection:
- Mutation
- Variables
- Response
- cURL
mutation DeleteSplunkConnection($input: DeleteSplunkConnectionInput!) {
deleteSplunkConnection(input: $input) {
splunkConnection {
id
}
}
}
{
"input": {
"splunkConnectionId": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x"
}
}
{
"data": {
"deleteSplunkConnection": {
"splunkConnection": {
"id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x"
}
}
}
}
curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"mutation DeleteSplunkConnection($input: DeleteSplunkConnectionInput!) { deleteSplunkConnection(input: $input) { splunkConnection { id } } }","variables":{"input":{"splunkConnectionId":"TjAxOFNwbHVua0Nvbm5lY3Rpb24x"}}}' https://api.lumar.io/graphql
Project queries
After creating a connection, set up project-level queries to define which Splunk data Lumar should fetch for a specific project:
- Mutation
- Variables
- Response
- cURL
mutation CreateSplunkProjectQuery($input: CreateSplunkProjectQueryInput!) {
createSplunkProjectQuery(input: $input) {
splunkProjectQuery {
id
query
baseUrl
dateRange
enabled
useLastCrawlDate
}
}
}
{
"input": {
"splunkConnectionId": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x",
"projectId": "TjAwN1Byb2plY3Q2MTMy",
"query": "index=web sourcetype=access_combined",
"baseUrl": "https://www.example.com",
"dateRange": 30,
"enabled": true,
"useLastCrawlDate": false
}
}
{
"data": {
"createSplunkProjectQuery": {
"splunkProjectQuery": {
"id": "TjAxOFNwbHVua1Byb2plY3RRdWVyeTEy",
"query": "index=web sourcetype=access_combined",
"baseUrl": "https://www.example.com",
"dateRange": 30,
"enabled": true,
"useLastCrawlDate": false
}
}
}
}
curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"mutation CreateSplunkProjectQuery($input: CreateSplunkProjectQueryInput!) { createSplunkProjectQuery(input: $input) { splunkProjectQuery { id query baseUrl dateRange enabled useLastCrawlDate } } }","variables":{"input":{"splunkConnectionId":"TjAxOFNwbHVua0Nvbm5lY3Rpb24x","projectId":"TjAwN1Byb2plY3Q2MTMy","query":"index=web sourcetype=access_combined","baseUrl":"https://www.example.com","dateRange":30,"enabled":true,"useLastCrawlDate":false}}}' https://api.lumar.io/graphql
You can also retrieve existing project queries:
- Query
- Variables
- Response
- cURL
query GetSplunkProjectQueries($projectId: ObjectID!) {
getProject(id: $projectId) {
splunkProjectQueries(first: 10) {
nodes {
id
query
baseUrl
dateRange
enabled
useLastCrawlDate
splunkConnection {
id
isWorking
}
}
totalCount
}
}
}
{
"projectId": "TjAwN1Byb2plY3Q2MTMy"
}
{
"data": {
"getProject": {
"splunkProjectQueries": {
"nodes": [
{
"id": "TjAxOFNwbHVua1Byb2plY3RRdWVyeTEy",
"query": "index=web sourcetype=access_combined",
"baseUrl": "https://www.example.com",
"dateRange": 30,
"enabled": true,
"useLastCrawlDate": false,
"splunkConnection": {
"id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x",
"isWorking": true
}
}
],
"totalCount": 1
}
}
}
}
curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"query GetSplunkProjectQueries($projectId: ObjectID!) { getProject(id: $projectId) { splunkProjectQueries(first: 10) { nodes { id query baseUrl dateRange enabled useLastCrawlDate splunkConnection { id isWorking } } totalCount } } }","variables":{"projectId":"TjAwN1Byb2plY3Q2MTMy"}}' https://api.lumar.io/graphql
Key project query fields:
| Field | Description |
|---|---|
query | The Splunk search query string. |
baseUrl | The base URL to match in log entries. |
dateRange | Number of days of log data to import. |
useLastCrawlDate | When true, uses the last crawl date as the start of the date range. |
enabled | Whether this query is active. |