Your Canary Console can integrate with Splunk easily. In this article we'll walk you through installing the integration.

Follow the steps below to install both the App and the Technology Add-on (TA). As a pre-requisite you'll need an API key and your Console's hostname.

Step 1: Login to your Splunk console

Step 2: Click through to the App browser:

Step 3: Search for "canary"

This returns two results, the Add-on and the App.

Step 3: Install the "Thinkst Canary Add-on for Splunk" package

Note: Install the Add-on, rather than the App.

If prompted, enter your Splunk credentials:

You'll get a message when the installation has finished, prompting you to restart Splunk. Click "Restart Now":

Wait for Splunk to restart, log back in and head back to the App browser.

Step 4: Search for "canary":

This returns two results, the Add-on and the App.

Step 5: Install the "Thinkst Canary App for Splunk" package

You may be prompted for Splunk credentials again.

The App installation does not require a restart.

Step 6: Start the Add-on setup

Click on the App menu in the top left, and select "Thinkst Canary Add-on for Splunk", which will show a page saying that you need to setup the TA. Click on "Continue to app setup page".

Step 7: Configure the API details

Paste the API key and hostname of your console, then click "Save".

Upon clicking "Save", the TA's Inputs page is shown.

Step 8a: Configure the Inputs' default index.

For both the new_incidents_devices_tokens and the daily_snapshot data inputs, perform this task.

Click on "Action", then "Edit".

Step 8b: Select an index and update the input

Reminder: do this for both the new_incidents_devices_tokens and the daily_snapshot data inputs.

After both inputs have been updated, the TA will start querying your console for data in under a minute.

Step 9: Open the Canary App for Splunk to interact with the data