Skip to main content

Splunk Connection

The following guide shows you how to manage Splunk connections in your Lumar account. Splunk connections allow Lumar to import log data for log file analysis reports.

Creating a Splunk connection

Provide the Splunk API URL and credentials. Optionally configure a proxy.

Operation: mutation CreateSplunkConnection($input: CreateSplunkConnectionInput!) { createSplunkConnection(input: $input) { splunkConnection { id isWorking proxyCode customProxy } } }Variables: { "input": { "url": "https://splunk.example.com:8089", "username": "splunk-api-user", "password": "your-splunk-password" } }Response Example: { "data": { "createSplunkConnection": { "splunkConnection": { "id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x", "isWorking": true, "proxyCode": null, "customProxy": null } } } }
CreateSplunkConnectionTry in Explorer
GraphQL
mutation CreateSplunkConnection($input: CreateSplunkConnectionInput!) {
  createSplunkConnection(input: $input) {
    splunkConnection {
      id
      isWorking
      proxyCode
      customProxy
    }
  }
}

Querying connections

Retrieve all Splunk connections for an account:

Operation: query GetSplunkConnections { me { splunkConnections(first: 10) { nodes { id isWorking customProxy proxyCode createdAt } totalCount } } }Variables: {}Response Example: { "data": { "me": { "splunkConnections": { "nodes": [ { "id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x", "isWorking": true, "customProxy": null, "proxyCode": null, "createdAt": "2025-01-10T08:00:00.000Z" } ], "totalCount": 1 } } } }
GetSplunkConnectionsTry in Explorer
GraphQL
query GetSplunkConnections {
  me {
    splunkConnections(first: 10) {
      nodes {
        id
        isWorking
        customProxy
        proxyCode
        createdAt
      }
      totalCount
    }
  }
}

Updating a connection

Update credentials, URL, or proxy settings:

Operation: mutation UpdateSplunkConnection($input: UpdateSplunkConnectionInput!) { updateSplunkConnection(input: $input) { splunkConnection { id isWorking proxyCode customProxy } } }Variables: { "input": { "splunkConnectionId": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x", "proxyCode": "Custom", "customProxy": "https://proxy.example.com:8080" } }Response Example: { "data": { "updateSplunkConnection": { "splunkConnection": { "id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x", "isWorking": true, "proxyCode": "Custom", "customProxy": "https://proxy.example.com:8080" } } } }
UpdateSplunkConnectionTry in Explorer
GraphQL
mutation UpdateSplunkConnection($input: UpdateSplunkConnectionInput!) {
  updateSplunkConnection(input: $input) {
    splunkConnection {
      id
      isWorking
      proxyCode
      customProxy
    }
  }
}

Proxy configuration

If your Splunk instance is behind a firewall, you can configure a proxy:

  • Set proxyCode to Custom.
  • Set customProxy to your proxy URL (e.g., https://proxy.example.com:8080).

When no proxy is needed, leave both fields as null.

Deleting a connection

Remove a Splunk connection:

Operation: mutation DeleteSplunkConnection($input: DeleteSplunkConnectionInput!) { deleteSplunkConnection(input: $input) { splunkConnection { id } } }Variables: { "input": { "splunkConnectionId": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x" } }Response Example: { "data": { "deleteSplunkConnection": { "splunkConnection": { "id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x" } } } }
DeleteSplunkConnectionTry in Explorer
GraphQL
mutation DeleteSplunkConnection($input: DeleteSplunkConnectionInput!) {
  deleteSplunkConnection(input: $input) {
    splunkConnection {
      id
    }
  }
}

Project queries

After creating a connection, set up project-level queries to define which Splunk data Lumar should fetch for a specific project:

Operation: mutation CreateSplunkProjectQuery($input: CreateSplunkProjectQueryInput!) { createSplunkProjectQuery(input: $input) { splunkProjectQuery { id query baseUrl dateRange enabled useLastCrawlDate } } }Variables: { "input": { "splunkConnectionId": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x", "projectId": "TjAwN1Byb2plY3Q2MTMy", "query": "index=web sourcetype=access_combined", "baseUrl": "https://www.example.com", "dateRange": 30, "enabled": true, "useLastCrawlDate": false } }Response Example: { "data": { "createSplunkProjectQuery": { "splunkProjectQuery": { "id": "TjAxOFNwbHVua1Byb2plY3RRdWVyeTEy", "query": "index=web sourcetype=access_combined", "baseUrl": "https://www.example.com", "dateRange": 30, "enabled": true, "useLastCrawlDate": false } } } }
CreateSplunkProjectQueryTry in Explorer
GraphQL
mutation CreateSplunkProjectQuery($input: CreateSplunkProjectQueryInput!) {
  createSplunkProjectQuery(input: $input) {
    splunkProjectQuery {
      id
      query
      baseUrl
      dateRange
      enabled
      useLastCrawlDate
    }
  }
}

You can also retrieve existing project queries:

Operation: query GetSplunkProjectQueries($projectId: ObjectID!) { getProject(id: $projectId) { splunkProjectQueries(first: 10) { nodes { id query baseUrl dateRange enabled useLastCrawlDate splunkConnection { id isWorking } } totalCount } } }Variables: { "projectId": "TjAwN1Byb2plY3Q2MTMy" }Response Example: { "data": { "getProject": { "splunkProjectQueries": { "nodes": [ { "id": "TjAxOFNwbHVua1Byb2plY3RRdWVyeTEy", "query": "index=web sourcetype=access_combined", "baseUrl": "https://www.example.com", "dateRange": 30, "enabled": true, "useLastCrawlDate": false, "splunkConnection": { "id": "TjAxOFNwbHVua0Nvbm5lY3Rpb24x", "isWorking": true } } ], "totalCount": 1 } } } }
GetSplunkProjectQueriesTry in Explorer
GraphQL
query GetSplunkProjectQueries($projectId: ObjectID!) {
  getProject(id: $projectId) {
    splunkProjectQueries(first: 10) {
      nodes {
        id
        query
        baseUrl
        dateRange
        enabled
        useLastCrawlDate
        splunkConnection {
          id
          isWorking
        }
      }
      totalCount
    }
  }
}

Key project query fields:

FieldDescription
queryThe Splunk search query string.
baseUrlThe base URL to match in log entries.
dateRangeNumber of days of log data to import.
useLastCrawlDateWhen true, uses the last crawl date as the start of the date range.
enabledWhether this query is active.