# Export Audit Logs to Splunk

Aisera's Gen AI platform can export audit logs to Splunk in real time. This lets you integrate Aisera audit data with an existing Security Information and Event Management (SIEM) system for security monitoring and compliance.

## Integration Setup

Create the Splunk Integration:

1. Navigate to the **Settings > Integrations** page in the Aisera Admin UI.
2. Click the **+ New Integration** button.
3. Search for and choose the **Splunk** icon.
4. **Name** the integration.
5. Provide the **Splunk HTTP Event Collector (HEC) endpoint.**
6. Click **Next.**
7. Set the **Auth Type** and fill in the parameters. \
   Currently, only the **Basic** authorization type is supported for Splunk.
8. Choose **OK**.

## Data Source Setup

Add the Splunk Data Source:

1. Navigate to **Settings > Data Source** in the Aisera Admin UI.
2. Choose **+ New Data Source.**
3. Search for and select the **Splunk** icon.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FkCxWESjQmyR582iDb3iA%2Fsplunk_ds.png?alt=media&#x26;token=5bd3412f-5869-4584-a6b2-7994848a3f41" alt="" width="369"><figcaption></figcaption></figure></div>

4. Click **Next.**
5. Enter a **Name** for your **Splunk** data source.
6. Choose **Forward Events** as the function.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FaIyibc3iTj4xvQsghaVZ%2Fforward_events.png?alt=media&#x26;token=4f7f0d37-ac73-4fe7-85b0-64708218b0b2" alt="" width="563"><figcaption></figcaption></figure></div>

7. Choose **Audit History** as the **Data Type**.
8. After setting the **Data Type**, choose the name of the **Integration** that you created in the **Integration Setup** section above.
9. Enter an optional **Description**.
10. Click **Next.**
11. Ignore the options in the following windows and click **Next.**
12. Click **OK**.

## Event Triggers

**To Set the Event Triggers:**

1. Navigate to **AI Automation > Event Studio** in the Aisera Admin UI.
2. Click the **+ New Event Trigger** button.
3. Add a **Name** for the Trigger.

   <div align="left"><figure><img src="https://docs.aisera.com/~gitbook/image?url=https%3A%2F%2F2983236984-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FiZkLJr3EjXkd2tHYiQJP%252Fuploads%252Fo91uUxRTYqLzML2EXP0R%252Frn_16.png%3Falt%3Dmedia%26token%3D6fe66b27-b3ac-425b-83ad-6f20d96c460f&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=ccf352eb&#x26;sv=2" alt="" width="563"><figcaption></figcaption></figure></div>
4. Select **Event Forwarder** for the **Event Handler Type.**
5. Click **Next.**
6. Set the **Event Forwarder** options.

   <div align="left"><figure><img src="https://docs.aisera.com/~gitbook/image?url=https%3A%2F%2F2983236984-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FiZkLJr3EjXkd2tHYiQJP%252Fuploads%252FwYXzorNkHtTUHb79SLh6%252Frn_17.png%3Falt%3Dmedia%26token%3Ddf244e30-c995-4298-9cbf-657227eba437&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=5122c9a7&#x26;sv=2" alt="" width="563"><figcaption></figcaption></figure></div>
7. Select **Splunk** as the **External System.**
8. Select your Splunk Data Source as the **Data Sources** option.

<div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FBVUOsP9bx2GZRJkbRYUv%2Fevent_type_new.png?alt=media&#x26;token=45cab3df-d5fb-43e1-8c53-230c268c1235" alt="" width="563"><figcaption></figcaption></figure></div>

9. Select **AuditEvent** as the **Event Type**.
10. Click **OK**.
