lacework.AlertChannelSplunk
You can use this resource to enable Lacework to forward alerts to Splunk using an HTTP Event Collector.
To find more information see the Lacework support documentation.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
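// Forward Lacework alerts to a Splunk HTTP Event Collector (HEC).
//
// The HEC token is a credential, so it is read from encrypted stack
// configuration instead of being committed in source. Store it with:
//   pulumi config set --secret hecToken <token>
const cfg = new pulumi.Config();
const opsCritical = new lacework.AlertChannelSplunk("opsCritical", {
    eventData: {
        index: "index",
        source: "source",
    },
    // requireSecret fails the deployment when the value is missing and keeps it
    // encrypted in state and masked in CLI output.
    hecToken: cfg.requireSecret("hecToken"),
    host: "localhost",
    // NOTE(review): `ssl` is left unset and this page does not state its default.
    // Confirm it, and enable SSL for any non-local collector so the token and
    // alert data are not sent in cleartext.
    port: 80,
});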
import pulumi
import pulumi_lacework as lacework
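# Forward Lacework alerts to a Splunk HTTP Event Collector (HEC).
#
# The HEC token is a credential, so it is read from encrypted stack
# configuration instead of being committed in source. Store it with:
#   pulumi config set --secret hecToken <token>
config = pulumi.Config()
ops_critical = lacework.AlertChannelSplunk("opsCritical",
    event_data={
        "index": "index",
        "source": "source",
    },
    # require_secret fails the deployment when the value is missing and keeps
    # it encrypted in state and masked in CLI output.
    hec_token=config.require_secret("hecToken"),
    host="localhost",
    # NOTE(review): `ssl` is left unset and this page does not state its default.
    # Confirm it, and enable SSL for any non-local collector so the token and
    # alert data are not sent in cleartext.
    port=80)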
package main
import (
	"errors"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
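// main declares a Lacework alert channel that forwards alerts to a Splunk
// HTTP Event Collector (HEC).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The HEC token is a credential, so it is read from stack configuration
		// instead of being committed in source. Store it encrypted with:
		//   pulumi config set --secret hecToken <token>
		token, ok := ctx.GetConfig(ctx.Project() + ":hecToken")
		if !ok || token == "" {
			return errors.New("missing required configuration value hecToken")
		}

		_, err := lacework.NewAlertChannelSplunk(ctx, "opsCritical", &lacework.AlertChannelSplunkArgs{
			EventData: &lacework.AlertChannelSplunkEventDataArgs{
				Index:  pulumi.String("index"),
				Source: pulumi.String("source"),
			},
			// ToSecret marks the value as a secret so it stays encrypted in
			// state and masked in CLI output.
			HecToken: pulumi.ToSecret(pulumi.String(token)).(pulumi.StringOutput),
			Host:     pulumi.String("localhost"),
			// NOTE(review): Ssl is left unset and this page does not state its
			// default. Confirm it, and enable SSL for any non-local collector so
			// the token and alert data are not sent in cleartext.
			Port: pulumi.Float64(80),
		})
		return err
	})
}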
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
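return await Deployment.RunAsync(() =>
{
    // Forward Lacework alerts to a Splunk HTTP Event Collector (HEC).
    //
    // The HEC token is a credential, so it is read from encrypted stack
    // configuration instead of being committed in source. Store it with:
    //   pulumi config set --secret hecToken <token>
    var config = new Config();

    var opsCritical = new Lacework.AlertChannelSplunk("opsCritical", new()
    {
        EventData = new Lacework.Inputs.AlertChannelSplunkEventDataArgs
        {
            Index = "index",
            Source = "source",
        },
        // RequireSecret fails the deployment when the value is missing and
        // keeps it encrypted in state and masked in CLI output.
        HecToken = config.RequireSecret("hecToken"),
        Host = "localhost",
        // NOTE(review): Ssl is left unset and this page does not state its
        // default. Confirm it, and enable SSL for any non-local collector so
        // the token and alert data are not sent in cleartext.
        Port = 80,
    });
});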
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.AlertChannelSplunk;
import com.pulumi.lacework.AlertChannelSplunkArgs;
import com.pulumi.lacework.inputs.AlertChannelSplunkEventDataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
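/**
 * Pulumi program that declares a Lacework alert channel forwarding alerts to a
 * Splunk HTTP Event Collector (HEC).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the alert channel.
     *
     * <p>The HEC token is a credential, so it is read from encrypted stack
     * configuration instead of being committed in source. Store it with
     * {@code pulumi config set --secret hecToken <token>}.
     *
     * @param ctx the Pulumi deployment context, used here to read configuration
     */
    public static void stack(Context ctx) {
        var opsCritical = new AlertChannelSplunk("opsCritical", AlertChannelSplunkArgs.builder()
            .eventData(AlertChannelSplunkEventDataArgs.builder()
                .index("index")
                .source("source")
                .build())
            // requireSecret fails the deployment when the value is missing and
            // keeps it encrypted in state and masked in CLI output.
            .hecToken(ctx.config().requireSecret("hecToken"))
            .host("localhost")
            // port is documented as a Double, so it is passed as a number rather
            // than a string.
            // NOTE(review): ssl is left unset and this page does not state its
            // default. Confirm it, and enable SSL for any non-local collector so
            // the token and alert data are not sent in cleartext.
            .port(80.0)
            .build());
    }
}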
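# Forward Lacework alerts to a Splunk HTTP Event Collector (HEC).
#
# The HEC token is a credential, so it is declared as a secret configuration
# value instead of being committed in this file. Store it with:
#   pulumi config set --secret hecToken <token>
config:
  hecToken:
    type: string
    secret: true
resources:
  opsCritical:
    type: lacework:AlertChannelSplunk
    properties:
      eventData:
        index: index
        source: source
      hecToken: ${hecToken}
      host: localhost
      # port is documented as a Number, so it is written unquoted.
      # NOTE(review): ssl is left unset and this page does not state its default.
      # Confirm it, and enable SSL for any non-local collector so the token and
      # alert data are not sent in cleartext.
      port: 80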
Create AlertChannelSplunk Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AlertChannelSplunk(name: string, args: AlertChannelSplunkArgs, opts?: CustomResourceOptions);
@overload
def AlertChannelSplunk(resource_name: str,
args: AlertChannelSplunkArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AlertChannelSplunk(resource_name: str,
opts: Optional[ResourceOptions] = None,
event_data: Optional[AlertChannelSplunkEventDataArgs] = None,
hec_token: Optional[str] = None,
host: Optional[str] = None,
port: Optional[float] = None,
alert_channel_splunk_id: Optional[str] = None,
channel: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
ssl: Optional[bool] = None,
test_integration: Optional[bool] = None)
func NewAlertChannelSplunk(ctx *Context, name string, args AlertChannelSplunkArgs, opts ...ResourceOption) (*AlertChannelSplunk, error)
public AlertChannelSplunk(string name, AlertChannelSplunkArgs args, CustomResourceOptions? opts = null)
public AlertChannelSplunk(String name, AlertChannelSplunkArgs args)
public AlertChannelSplunk(String name, AlertChannelSplunkArgs args, CustomResourceOptions options)
type: lacework:AlertChannelSplunk
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AlertChannelSplunkArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertChannelSplunkArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertChannelSplunkArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertChannelSplunkArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertChannelSplunkArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing of every input property with a placeholder value; it is
// not a working configuration.
var alertChannelSplunkResource = new Lacework.AlertChannelSplunk("alertChannelSplunkResource", new()
{
    EventData = new Lacework.Inputs.AlertChannelSplunkEventDataArgs
    {
        Index = "string",
        Source = "string",
    },
    // Token generated when the HEC input is created. It is a credential:
    // supply it from secret configuration rather than a literal.
    HecToken = "string",
    Host = "string",
    Port = 0,
    AlertChannelSplunkId = "string",
    Channel = "string",
    Enabled = false,
    Name = "string",
    // NOTE(review): false is only the placeholder; enable SSL in real
    // configurations so the token is not sent in cleartext.
    Ssl = false,
    TestIntegration = false,
});
// Reference listing of every input property with a placeholder value; it is
// not a working configuration.
example, err := lacework.NewAlertChannelSplunk(ctx, "alertChannelSplunkResource", &lacework.AlertChannelSplunkArgs{
	EventData: &lacework.AlertChannelSplunkEventDataArgs{
		Index: pulumi.String("string"),
		Source: pulumi.String("string"),
	},
	// Token generated when the HEC input is created. It is a credential:
	// supply it from secret configuration rather than a literal.
	HecToken: pulumi.String("string"),
	Host: pulumi.String("string"),
	Port: pulumi.Float64(0),
	AlertChannelSplunkId: pulumi.String("string"),
	Channel: pulumi.String("string"),
	Enabled: pulumi.Bool(false),
	Name: pulumi.String("string"),
	// NOTE(review): false is only the placeholder; enable SSL in real
	// configurations so the token is not sent in cleartext.
	Ssl: pulumi.Bool(false),
	TestIntegration: pulumi.Bool(false),
})
// Reference listing of every input property with a placeholder value; it is
// not a working configuration.
var alertChannelSplunkResource = new AlertChannelSplunk("alertChannelSplunkResource", AlertChannelSplunkArgs.builder()
    .eventData(AlertChannelSplunkEventDataArgs.builder()
        .index("string")
        .source("string")
        .build())
    // Token generated when the HEC input is created. It is a credential:
    // supply it from secret configuration rather than a literal.
    .hecToken("string")
    .host("string")
    .port(0)
    .alertChannelSplunkId("string")
    .channel("string")
    .enabled(false)
    .name("string")
    // NOTE(review): false is only the placeholder; enable SSL in real
    // configurations so the token is not sent in cleartext.
    .ssl(false)
    .testIntegration(false)
    .build());
# Reference listing of every input property with a placeholder value; it is
# not a working configuration.
alert_channel_splunk_resource = lacework.AlertChannelSplunk("alertChannelSplunkResource",
    event_data={
        "index": "string",
        "source": "string",
    },
    # Token generated when the HEC input is created. It is a credential:
    # supply it from secret configuration rather than a literal.
    hec_token="string",
    host="string",
    port=0,
    alert_channel_splunk_id="string",
    channel="string",
    enabled=False,
    name="string",
    # NOTE(review): False is only the placeholder; enable SSL in real
    # configurations so the token is not sent in cleartext.
    ssl=False,
    test_integration=False)
// Reference listing of every input property with a placeholder value; it is
// not a working configuration.
const alertChannelSplunkResource = new lacework.AlertChannelSplunk("alertChannelSplunkResource", {
    eventData: {
        index: "string",
        source: "string",
    },
    // Token generated when the HEC input is created. It is a credential:
    // supply it from secret configuration rather than a literal.
    hecToken: "string",
    host: "string",
    port: 0,
    alertChannelSplunkId: "string",
    channel: "string",
    enabled: false,
    name: "string",
    // NOTE(review): false is only the placeholder; enable SSL in real
    // configurations so the token is not sent in cleartext.
    ssl: false,
    testIntegration: false,
});
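# Reference listing of every input property with a placeholder value; it is
# not a working configuration. Nesting is restored so that index and source
# sit under eventData and every property sits under properties.
type: lacework:AlertChannelSplunk
properties:
  alertChannelSplunkId: string
  channel: string
  enabled: false
  eventData:
    index: string
    source: string
  # Token generated when the HEC input is created. It is a credential:
  # supply it from secret configuration rather than a literal.
  hecToken: string
  host: string
  name: string
  port: 0
  # NOTE(review): false is only the placeholder; enable SSL in real
  # configurations so the token is not sent in cleartext.
  ssl: false
  testIntegration: false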
AlertChannelSplunk Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AlertChannelSplunk resource accepts the following input properties:
- EventData AlertChannelSplunkEventData
- HecToken string
- The token you generate when you create a new HEC input.
- Host string
- The hostname of the client from which you're sending data.
- Port double
- The destination port for forwarding events.
- AlertChannelSplunkId string
- Channel string
- The Splunk channel name.
- Enabled bool
- The state of the external integration. Defaults to true.
- Name string
- The Alert Channel integration name.
- Ssl bool
- Enable or Disable SSL.
- TestIntegration bool
- Whether to test the integration of an alert channel upon creation and modification
- Event
Data AlertChannel Splunk Event Data Args - Hec
Token string - The token you generate when you create a new HEC input.
- Host string
- The hostname of the client from which you're sending data.
- Port float64
- The destination port for forwarding events.
- Alert
Channel stringSplunk Id - Channel string
- The Splunk channel name.
- Enabled bool
- The state of the external integration. Defaults to
true
. - Name string
- The Alert Channel integration name.
- Ssl bool
- Enable or Disable SSL.
- Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- event
Data AlertChannel Splunk Event Data - hec
Token String - The token you generate when you create a new HEC input.
- host String
- The hostname of the client from which you're sending data.
- port Double
- The destination port for forwarding events.
- alert
Channel StringSplunk Id - channel String
- The Splunk channel name.
- enabled Boolean
- The state of the external integration. Defaults to
true
. - name String
- The Alert Channel integration name.
- ssl Boolean
- Enable or Disable SSL.
- test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
- event
Data AlertChannel Splunk Event Data - hec
Token string - The token you generate when you create a new HEC input.
- host string
- The hostname of the client from which you're sending data.
- port number
- The destination port for forwarding events.
- alert
Channel stringSplunk Id - channel string
- The Splunk channel name.
- enabled boolean
- The state of the external integration. Defaults to
true
. - name string
- The Alert Channel integration name.
- ssl boolean
- Enable or Disable SSL.
- test
Integration boolean - Whether to test the integration of an alert channel upon creation and modification
- event_
data AlertChannel Splunk Event Data Args - hec_
token str - The token you generate when you create a new HEC input.
- host str
- The hostname of the client from which you're sending data.
- port float
- The destination port for forwarding events.
- alert_
channel_ strsplunk_ id - channel str
- The Splunk channel name.
- enabled bool
- The state of the external integration. Defaults to
true
. - name str
- The Alert Channel integration name.
- ssl bool
- Enable or Disable SSL.
- test_
integration bool - Whether to test the integration of an alert channel upon creation and modification
- event
Data Property Map - hec
Token String - The token you generate when you create a new HEC input.
- host String
- The hostname of the client from which you're sending data.
- port Number
- The destination port for forwarding events.
- alert
Channel StringSplunk Id - channel String
- The Splunk channel name.
- enabled Boolean
- The state of the external integration. Defaults to
true
. - name String
- The Alert Channel integration name.
- ssl Boolean
- Enable or Disable SSL.
- test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertChannelSplunk resource produces the following output properties:
- CreatedOrUpdatedBy string
- CreatedOrUpdatedTime string
- Id string
- The provider-assigned unique ID for this managed resource.
- IntgGuid string
- OrgLevel bool
- TypeName string
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Id string
- The provider-assigned unique ID for this managed resource.
- Intg
Guid string - Org
Level bool - Type
Name string
- created
Or StringUpdated By - created
Or StringUpdated Time - id String
- The provider-assigned unique ID for this managed resource.
- intg
Guid String - org
Level Boolean - type
Name String
- created
Or stringUpdated By - created
Or stringUpdated Time - id string
- The provider-assigned unique ID for this managed resource.
- intg
Guid string - org
Level boolean - type
Name string
- created_
or_ strupdated_ by - created_
or_ strupdated_ time - id str
- The provider-assigned unique ID for this managed resource.
- intg_
guid str - org_
level bool - type_
name str
- created
Or StringUpdated By - created
Or StringUpdated Time - id String
- The provider-assigned unique ID for this managed resource.
- intg
Guid String - org
Level Boolean - type
Name String
Look up Existing AlertChannelSplunk Resource
Get an existing AlertChannelSplunk resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AlertChannelSplunkState, opts?: CustomResourceOptions): AlertChannelSplunk
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_channel_splunk_id: Optional[str] = None,
channel: Optional[str] = None,
created_or_updated_by: Optional[str] = None,
created_or_updated_time: Optional[str] = None,
enabled: Optional[bool] = None,
event_data: Optional[AlertChannelSplunkEventDataArgs] = None,
hec_token: Optional[str] = None,
host: Optional[str] = None,
intg_guid: Optional[str] = None,
name: Optional[str] = None,
org_level: Optional[bool] = None,
port: Optional[float] = None,
ssl: Optional[bool] = None,
test_integration: Optional[bool] = None,
type_name: Optional[str] = None) -> AlertChannelSplunk
func GetAlertChannelSplunk(ctx *Context, name string, id IDInput, state *AlertChannelSplunkState, opts ...ResourceOption) (*AlertChannelSplunk, error)
public static AlertChannelSplunk Get(string name, Input<string> id, AlertChannelSplunkState? state, CustomResourceOptions? opts = null)
public static AlertChannelSplunk get(String name, Output<String> id, AlertChannelSplunkState state, CustomResourceOptions options)
resources: _: type: lacework:AlertChannelSplunk get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alert
Channel stringSplunk Id - Channel string
- The Splunk channel name.
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Enabled bool
- The state of the external integration. Defaults to
true
. - Event
Data AlertChannel Splunk Event Data - Hec
Token string - The token you generate when you create a new HEC input.
- Host string
- The hostname of the client from which you're sending data.
- Intg
Guid string - Name string
- The Alert Channel integration name.
- Org
Level bool - Port double
- The destination port for forwarding events.
- Ssl bool
- Enable or Disable SSL.
- Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- Type
Name string
- Alert
Channel stringSplunk Id - Channel string
- The Splunk channel name.
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Enabled bool
- The state of the external integration. Defaults to
true
. - Event
Data AlertChannel Splunk Event Data Args - Hec
Token string - The token you generate when you create a new HEC input.
- Host string
- The hostname of the client from which you're sending data.
- Intg
Guid string - Name string
- The Alert Channel integration name.
- Org
Level bool - Port float64
- The destination port for forwarding events.
- Ssl bool
- Enable or Disable SSL.
- Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- Type
Name string
- alert
Channel StringSplunk Id - channel String
- The Splunk channel name.
- created
Or StringUpdated By - created
Or StringUpdated Time - enabled Boolean
- The state of the external integration. Defaults to
true
. - event
Data AlertChannel Splunk Event Data - hec
Token String - The token you generate when you create a new HEC input.
- host String
- The hostname of the client from which you're sending data.
- intg
Guid String - name String
- The Alert Channel integration name.
- org
Level Boolean - port Double
- The destination port for forwarding events.
- ssl Boolean
- Enable or Disable SSL.
- test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
- type
Name String
- alert
Channel stringSplunk Id - channel string
- The Splunk channel name.
- created
Or stringUpdated By - created
Or stringUpdated Time - enabled boolean
- The state of the external integration. Defaults to
true
. - event
Data AlertChannel Splunk Event Data - hec
Token string - The token you generate when you create a new HEC input.
- host string
- The hostname of the client from which you're sending data.
- intg
Guid string - name string
- The Alert Channel integration name.
- org
Level boolean - port number
- The destination port for forwarding events.
- ssl boolean
- Enable or Disable SSL.
- test
Integration boolean - Whether to test the integration of an alert channel upon creation and modification
- type
Name string
- alert_
channel_ strsplunk_ id - channel str
- The Splunk channel name.
- created_
or_ strupdated_ by - created_
or_ strupdated_ time - enabled bool
- The state of the external integration. Defaults to
true
. - event_
data AlertChannel Splunk Event Data Args - hec_
token str - The token you generate when you create a new HEC input.
- host str
- The hostname of the client from which you're sending data.
- intg_
guid str - name str
- The Alert Channel integration name.
- org_
level bool - port float
- The destination port for forwarding events.
- ssl bool
- Enable or Disable SSL.
- test_
integration bool - Whether to test the integration of an alert channel upon creation and modification
- type_
name str
- alert
Channel StringSplunk Id - channel String
- The Splunk channel name.
- created
Or StringUpdated By - created
Or StringUpdated Time - enabled Boolean
- The state of the external integration. Defaults to
true
. - event
Data Property Map - hec
Token String - The token you generate when you create a new HEC input.
- host String
- The hostname of the client from which you're sending data.
- intg
Guid String - name String
- The Alert Channel integration name.
- org
Level Boolean - port Number
- The destination port for forwarding events.
- ssl Boolean
- Enable or Disable SSL.
- test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
- type
Name String
Supporting Types
AlertChannelSplunkEventData, AlertChannelSplunkEventDataArgs
Import
A Lacework Splunk Alert Channel integration can be imported using an INT_GUID, e.g.
$ pulumi import lacework:index/alertChannelSplunk:AlertChannelSplunk ops_critical EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
Note: To retrieve the INT_GUID of an existing integration in your account, run the Lacework CLI command `lacework alert-channel list`. To install the CLI, follow this documentation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the
lacework
Terraform Provider.