Introduction
Forwarding HCP Terraform audit logs to Splunk with the official HCP Terraform for Splunk app enables robust monitoring and analysis of your HCP Terraform environment. The app can be used with Splunk Cloud and Splunk Enterprise.
Expected Outcome
Once Splunk is integrated with HCP Terraform, audit logs from HCP Terraform are regularly pulled into Splunk, giving immediate visibility into key platform events in the app's predefined dashboards.
Prerequisites
- An HCP Terraform Plus or Premium edition organization, as audit trails are available in HCP Terraform Plus and Premium editions.
- For Splunk Enterprise, a downloaded copy of the HCP Terraform for Splunk app.
Procedure
- Step 1: Create an Audit Trail Token for the HCP Terraform organization as follows:
  Go to https://app.terraform.io, navigate to Organization Settings → Security → API Tokens, and under Audit Token, generate the token.
- Step 2: Log in to the Splunk Cloud/Enterprise admin platform and navigate to Find more Apps.
  Search for the HCP Terraform for Splunk app and install it.
  Once it is installed, open the app; it redirects to the HCP Terraform Configuration Setup in Splunk.
  Fill in the Input Name and the Audit Trail Token of your organization created in Step 1, then select Complete Setup.
- Step 3: For Splunk Enterprise, if the HCP Terraform for Splunk app is not visible in Search, download it from the official Splunkbase site and navigate to Manage -> Install App from File.
  Choose the file downloaded in the previous step and upload it. Splunk will prompt for a restart.
  Once it is installed, navigate to the Splunk Enterprise admin home page -> Manage -> search for HCP Terraform for Splunk -> Setup. This redirects to the HCP Terraform Configuration Setup in Splunk. Fill in the Input Name and Audit Trail Token and complete the setup as in Step 2.
- Step 4: The Splunk integration with HCP Terraform is now complete. Check the Terraform audit logs in the Splunk Search and Reporting dashboard.
Note: This app is currently not supported on a clustered deployment of Splunk Enterprise.
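
If no events appear in Splunk after Step 4, the token from Step 1 can be checked directly against the HCP Terraform Audit Trails API, which is the source the app pulls from. The following Python script is an added example, not part of the app or of this article's original procedure; the `TFC_AUDIT_TOKEN` environment variable name and the sample events are assumptions constructed for illustration.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter

# Audit Trails endpoint of the HCP Terraform API (requires an audit trail token).
AUDIT_TRAIL_URL = "https://app.terraform.io/api/v2/organization/audit-trail"

# Constructed sample response (not real data), used when no token is set.
SAMPLE = {"data": [
    {"timestamp": "2024-05-01T10:15:00.000Z", "resource": {"type": "workspace", "action": "create"}},
    {"timestamp": "2024-05-01T10:20:00.000Z", "resource": {"type": "run", "action": "apply"}},
    {"timestamp": "2024-05-01T10:25:00.000Z", "resource": {"type": "run", "action": "apply"}},
]}


def build_request(token, since=None, page_size=100):
    """Build the authenticated GET request without sending it."""
    params = {"page[size]": str(page_size)}
    if since:
        params["since"] = since  # ISO 8601, e.g. 2024-05-01T00:00:00Z
    url = AUDIT_TRAIL_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})


def summarize(payload):
    """Count events per resource type and action, and find the newest timestamp."""
    events = payload.get("data") or []
    counts = Counter()
    for e in events:
        res = e.get("resource") or {}
        counts[res.get("type", "?") + "." + res.get("action", "?")] += 1
    # Timestamps in one ISO 8601 format sort correctly as strings.
    newest = max((e.get("timestamp", "") for e in events), default=None)
    return {"events": len(events), "by_action": dict(counts), "newest": newest}


if __name__ == "__main__":
    token = os.environ.get("TFC_AUDIT_TOKEN")  # assumed name; keeps the token out of argv
    try:
        if token:
            with urllib.request.urlopen(build_request(token), timeout=30) as resp:
                print(summarize(json.load(resp)))
        else:
            print("no token set; constructed sample:", summarize(SAMPLE))
    except urllib.error.HTTPError as err:
        # A 401 typically means the value is not a valid audit trail token.
        print("audit trail request failed: HTTP", err.code)
```

A non-zero event count with a recent `newest` timestamp indicates the token works and the organization is producing audit events, so any remaining gap is on the Splunk input side.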