
Splunk

Import JupiterOne alert data into Splunk so that you can view alerts, query them with J1QL, and link to JupiterOne alerts from within Splunk.

Installation

To configure JupiterOne with Splunk, you will first need to obtain your JupiterOne accountId and generate an API Key in JupiterOne:

  • Generate your API Key: Create your API Key by following the instructions in our API Key Access guide.
  • Obtain your JupiterOne accountId: Execute this query in the JupiterOne search on the app's home view: find jupiterone_account. The results display the value in the accountId column.

Add JupiterOne to Splunk

With both the API Key and accountId from JupiterOne, proceed to Splunk to add JupiterOne to your Splunk workspace. This can be done either by:

  1. Installing the JupiterOne app directly from the Splunk dashboard:

    1. On the Splunk home dashboard, use the Find More Apps link to find and install the JupiterOne Add-on and the JupiterOne app.
  2. Downloading the JupiterOne add-on and app package from the Splunkbase marketplace:

    1. In Splunk navigate to Apps > Manage Apps by clicking the gear icon in the upper-left corner.
    2. Select Install app from file in the top-right.
    3. Choose File and select the JupiterOne add-on package or app package.
    4. Click Upload and follow the prompts to complete the process.

Configure the JupiterOne Add-on in Splunk

Now that JupiterOne has been added to Splunk, the last step is to finalize the configuration and input your JupiterOne credentials.

  1. In Splunk, navigate to the JupiterOne Add-on for Splunk, and click Configuration.
  2. Click Add to create a new JupiterOne account configuration on the add-on.
  3. Enter your JupiterOne Account Name, accountId, and API Key. Click Add when finished.
    • Optional: You can add a proxy under the Proxy tab, or change the log level on the Logging tab. By default, the log level is INFO.
  4. Next, go to the Inputs tab, and choose Create New Input.
  5. Enter the desired values for the input, and press Add once done.

This concludes the setup for the Add-on. With the Add-on configured, the JupiterOne app within Splunk will start working without additional setup.

Info: More details are available on the Splunkbase marketplace for the Add-on and the App.