HCP Terraform for Splunk setup instructions
HashiCorp HCP Terraform customers can integrate with Splunk® using the official HCP Terraform for Splunk app to understand HCP Terraform operations. Audit logs from HCP Terraform are regularly pulled into Splunk, immediately giving visibility into key platform events within the predefined dashboards. Identify the most active policies, significant changes in resource operations, or filter actions by specific users within your organization. The app can be used with Splunk Cloud and Splunk Enterprise.
Note: Audit trails are available in HCP Terraform Plus Edition. Refer to HCP Terraform pricing for details. The Audit Trails API is not available for Terraform Enterprise.
Prerequisites
Access and support for the HCP Terraform for Splunk app requires audit logging, which is available in HCP Terraform Plus Edition.
Splunk Cloud
There are no special prerequisites for Splunk Cloud users.
Splunk Enterprise
Note: This app is currently not supported on a clustered deployment of Splunk Enterprise.
Networking Requirements
In order for the HCP Terraform for Splunk app to function properly, it must be able to make outbound requests over HTTPS (TCP port 443) to the HCP Terraform application APIs. This may require perimeter networking as well as container host networking changes, depending on your environment. The IP ranges are documented in the HCP Terraform IP Ranges documentation. The services which run on these IP ranges are described in the table below.
| Hostname | Port/Protocol | Directionality | Purpose |
|---|---|---|---|
| app.terraform.io | tcp/443, HTTPS | Outbound | Polling for new audit log events via the HCP Terraform API |
Compatibility
The current release of the HCP Terraform for Splunk app supports the following versions:
- Splunk Platform: 8.0 and later
- CIM: 4.3 and later
Installation & Configuration
- Install the HCP Terraform for Splunk app via Splunkbase
- Splunk Cloud users should consult the latest instructions on how to use IDM with cloud-based add-ons within the Splunk documentation.
- Click "Configure the application"
- Generate an Audit trails token within HCP Terraform
- Click "complete setup"
Once configured, you’ll be redirected to the Splunk search interface with the pre-configured HCP Terraform dashboards. Splunk will begin importing and indexing the last 14 days of audit log information and populating the dashboards. This process may take a few minutes to complete.
Upgrading
To upgrade to a new version of the HCP Terraform for Splunk app, repeat the installation and configuration steps above.
Troubleshooting
HCP Terraform only retains 14 days of audit log information. If there are connectivity issues between your Splunk service and HCP Terraform, Splunk will recover events from the last event received up to a maximum period of 14 days.