ABOUT


Splunk is a powerful tool for searching and exploring data. It can help predict, identify, and solve problems related to business, information technology (IT), DevOps, and security in real time.

Features include:

  • Indexing source data from websites, applications, servers, databases, operating systems and more
  • Obtaining data feeds via both push and pull methods
  • Searching data to create reports and powerful dashboard panels
  • Configuring alerts to notify when searches meet configured conditions
  • Creating dashboards to visualize results from completed searches and data from real‑time background searches
  • Generating reports from saved searches or adding reports to dashboards. Reports can be run on an ad hoc basis or scheduled to run on regular intervals. Scheduled reports can also generate alerts.

Prerequisites

  • All users requesting Splunk access must first have access to Zscaler. For instructions on the process, refer to the Zscaler


GETTING STARTED

Requesting a Splunk User Role (Obtaining a User Role)

The following steps provide instructions for requesting a Splunk user role:

Step 1:  If you do not yet have a HARP account or an EIDM or EUA account, click here to sign up for a HARP account.

Step 2:  Once your HARP account has been created, log in to HARP and request a QualityNet Splunk entitlement via a HARP User Role.

  • Select Request a Role in HARP from the HARP homepage.
  • On the Select a Program page, select QualityNet-Splunk
  • On the Select an Organization page, select your Contract name (for contractors) or CMS Federal Employee (for CMS Federal employees)
  • On the Select Roles page, select a QualityNet Splunk user role (choose one)
    • Splunk_SO
    • Splunk_User
  • Click the Submit button
  • Enter your reason for requesting the selected role in the Request Reason text field.
  • Click the Submit button


Step 3: The organization's Security Official reviews and approves/denies the user role request. You will be notified via email that your request has been submitted, and again when your role has been approved or denied.

Step 4: Connect to the HCQIS network via Zscaler using your HARP credentials. For information on accessing Zscaler, follow the Zscaler Access link and click the Get Started tab to view the steps for requesting Zscaler.


Step 5: Log in to Splunk at https://splunkaws.hcqis.org:8000/ using your HARP credentials.



Requesting Application Log Ingestion or Splunk App Request

The following steps provide instructions for requesting that application logs be ingested into a Splunk index so that you can search and analyze the data and create alerts, reports, and dashboards:

Step 1:  Log in to ServiceNow at https://cmsqualitysupport.servicenowservices.com/ using your HARP credentials.

Step 2:  Locate Cloud request:

  1. Type “catalog” in the Filter Navigator
  2. Select IT Services Catalog
  3. Select Cloud
  4. Select Other Cloud Services
  5. Select Other Cloud Services Request
  6. Select Contract Name, Priority, and Need by date
  7. For Service Request Details, provide information including the following:
    • Hostnames, hostname match, or IP range for inputs to be deployed
    • Application log directories to be ingested (the Splunk user on the hosts must have read access to the directories/logs)
    • Index name to be used or created for ingestion
    • Users or groups requiring access to the index
    • If requesting a new Splunk add-on or application, please specify the name
  • Upon completion of the request, please verify data is being ingested and accessible






SPLUNK DASHBOARDS


The Splunk App for AWS offers a variety of dashboards that provide insight into your AWS data, giving an overview of your AWS environment including configuration changes, usage, and security.

Splunk dashboards can be configured by the HIDS DevOps team for your application. Please use one of the following methods to request a Splunk dashboard:



ADDITIONAL RESOURCES


Additional information can be found at https://splunkbase.splunk.com/ as well as https://qnetconfluence.cms.gov/display/HIDS/Splunk.



RELEASE NOTES




FAQs



General

What is Splunk?

Splunk is the data collection backbone for security operations to create a unified, interoperable security operations capability across all data centers.  



Access

What are the requirements for requesting access?

User(s) must have valid qualnet AD accounts. Splunk is not currently integrated with HARP or any other SSO provider.


How do I log into Splunk?

Log in to Splunk at https://splunkaws.hcqis.org:8000/ using your HARP credentials.

Note: You must be connected to Zscaler before logging in to Splunk.








System Status

Operational



Need Help?

Please contact one of the following:









...