Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Horizontal Navigation Bar

Horizontal Navigation Bar Page


Splunk is a powerful tool for searching and exploring data. It can help predict, identify, and solve problems related to business, information technology (IT), DevOps, and security in real time.

Features include:

  • Indexing source data from websites, applications, servers, databases, operating systems and more
  • Obtaining data feeds via both push and pull methods
  • Searching data to create reports and powerful dashboard panels
  • Configuring alerts to notify when searches meet configured conditions
  • Creating dashboards to visualize results from completed searches and data from real‑time background searches
  • Generating reports from saved searches or adding reports to dashboards. Reports can be run on an ad hoc basis or scheduled to run on regular intervals. Scheduled reports can also generate alerts.


  • All users requesting Splunk access must first have access to Zscaler. For instructions on the process, refer to the Zscaler

Horizontal Navigation Bar Page
titleGetting Started

Tabs Container
titleQuick Start Menu

Tabs Page
titleUser Role Request

Requesting a Splunk User Role (Obtaining a User Role)

The following steps provide instructions for requesting a Splunk user role:

Step 1:  If you do not yet have a HARP account or an EIDM or EUA account, click here to sign up for a HARP account.

Step 2:  Once your HARP account has been created, log in to HARP and request a QualityNet Splunk entitlement via a HARP User Role.

  • Select Request a Role in HARP from the HARP homepage.
  • On the Select a Program page, select QualityNet-Splunk
  • On the Select an Organization page, select your Contract name (for contractors) or CMS Federal Employee (for CMS Federal employees)
  • On the Select Roles page, select a QualityNet Splunk user role (choose one)
    • Splunk_SO
    • Splunk_User
  • Click the Submit button
  • Enter your reason for requesting the selected role in the Request Reason text field.
  • Click the Submit button

Step 3: The organization's Security Official reviews and approves/denies the user role request. You will be notified via email that your request has been submitted, and again when your role has been approved or denied.


Step 4: Connect to the QualityNet network via Zscaler using your HARP Credentials. To obtain information on accessing Zscaler, please follow this link Zscaler Access, and click on the Get Started Tab to view the steps for requesting Zscaler.

Step 5: Log into Splunk using your HARP credentials.

Tabs Page
titleLog Request

Requesting Application Log Ingestion or Splunk App Request

The following steps provide instructions for requesting application logs be ingested into a Splunk index to search and analyze data as well as create alerts, reports, and dashboards:

Step 1:  Login to ServiceNow at using your HARP credentials.

Step 2:  Locate Cloud request:

  1. Type “catalog” in the Filter Navigator
  2. Select IT Services Catalog
  3. Select Cloud
  4. Select Other Cloud Services
  5. Select Other Cloud Services Request
  6. Select Contract Name, Priority, and Need by date
  7. For Service Request Details, provide information including the following:
  • Hostnames, Hostname match, or IP range for inputs to be deployed
  • Application log directories to be ingested (Splunk user on hosts must have read access to directories/logs)
  • Index name to be used or created for ingestion
  • Users or group required access to index
  • If requesting a new Splunk add-on or application, please specify the name
  • Upon completion of the request, please verify data is being ingested and accessible

Horizontal Navigation Bar Page
titleSplunk Dashboards


The Splunk App for AWS offers a variety of dashboards to that provide insight into your AWS data by providing an overview of your AWS Environment including configuration changes, usage, and security.

Splunk dashboards can be configured by the HIDS DevOps team for your application. Please use one of the following methods to request a Splunk dashboard:

Horizontal Navigation Bar Page
titleAdditional Resources


Additional information can be found at as well as 

Splunk - Removing Data (

Horizontal Navigation Bar Page



titleWhat is Splunk?

Splunk is the data collection backbone for security operations to create a unified, interoperable security operations capability across all data centers.  


titleWhat are the requirements for requesting access?

User(s) must have valid qualnet AD accounts. Splunk is not currently integrated with HARP or any other SSO provider.

titleHow do I log into Splunk?

Log into Splunk at using your HARP credentials

You must be connected to Zscaler before logging into Splunk

titleNeed Help ?

Please contact one of the following:

  • Find us on Slack #help-devsecops. Slack is monitored Monday through Friday, 8:00am - 6:00pm.

  • For assistance with HARP, please contact the CCSQ Service Center at: