Data connectivity & integrationAvailable connectorsSplunk

Splunk

The Splunk connector is a Palantir-provided driver for Splunk.

To create a new Splunk source, follow the standard setup flow for Palantir-provided drivers, then use the sections below for Splunk-specific configuration and networking. For the complete property reference, see the official Splunk driver documentation ↗.

Configuration

The properties below are mandatory or recommended.

Property	Required?	Description	Default
`AuthScheme` ↗	Mandatory	Whether to use Basic Authentication, AccessToken or HTTPEventCollectorToken Authentication when connecting to Splunk.	`Basic`
`URL` ↗	Mandatory	The URL to your Splunk endpoint.	`https://mySite.splunk.com:{port}`
`Password` ↗	Recommended	Specifies the password of the authenticating user account.	—
`User` ↗	Recommended	Specifies the user ID of the authenticating Splunk user account.	—

Networking

The table below lists the domains that the source needs to be able to access in order to successfully run.

For each domain, add a corresponding egress policy. If the source is hosted on-premises and not directly reachable from Foundry, use an agent proxy egress policy instead; the agent host itself must also be able to reach the listed domains. See using an agent as a proxy for details.

Domain	Required
<URL>	Always. URL connection property, URL with management port, i.e. https://yoursitename.splunk.com:8089