PSA Splunk Integration

Polarity Source Analytics for Splunk

Download and Install

The Source Analytics integration can be installed through the Integration Store.

Navigate to the Integration Store tab and search for "telemetry".  Install the "Telemetry - Splunk" integration.

Polarity Source Analytics Integration Options

• Authentication
  • The Polarity Source Analytics integration works similar to the Splunk integration and you can generally use the same authentication mechanism if you already have the Splunk integration configured.
  • To authenticate to Splunk you must provide either a Splunk Cloud Username and Password or a Splunk Authentication Token.  We generally recommend using an Authentication Token.
• Splunk Analyst Telemetry Index
  • This is the name of the index that contains your telemetry logs.  If you followed the Polarity Source Analytics with Splunk guide, the index will be called polarity.
• Search Window
  • How far back to search telemetry data.  Adjust this appropriately for the size of your Splunk instance.  We recommend starting with a short time frame (e.g., 1  month) and increase the time range based on performance of the searches being run.
• Ignored Integrations
  • Comma delimited list of integration IDs to ignore. Integration IDs match the directory name of the integration but with dashes converted to underscores. For example, if the integration directory is "generic-integration", the ID for the integration would be "generic_integration". This integration will never include itself in results.
• Display Window Title
  • If checked, Window Title information will displayed as part of the returned data.  This option should be set to "Only admins can view and edit".
• View SPL Queries
  • If checked, Polarity admins will be able to see the SPL queries used to generate the charts in the Overlay Window.  This mode is meant for debugging purposes.