Skip to main content


Pack Assets​


The Centreon Monitoring Connector Splunk brings a host template:

  • App-Monitoring-Splunk-Api-custom

It brings the following service templates:

Service AliasService TemplateService DescriptionDefault
Index-UpdateApp-Monitoring-Splunk-Index-Update-ApiCheck indexes last update timeX
Query-Matches-NumberApp-Monitoring-Splunk-Query-ApiCheck number of results for a query. Query has to start with "search ".Example
Splunkd-HealthApp-Monitoring-Splunk-Splunkd-Health-ApiCheck the overall health of splunkd. The health of splunkd is based on the health of all features reporting it.X

Collected metrics & status​

Metric NameUnit


To use this plugin, you have to configure a user with privileges allowing him to call these endpoints:

  • /services/data/indexes
  • /services/server/health/splunkd/details
  • /services/search/jobs/*


Monitoring Pack​

If the platform uses an online license, you can skip the package installation instruction below as it is not required to have the pack displayed within the Configuration > Monitoring Connector Manager menu. If the platform uses an offline license, install the package on the central server with the command corresponding to the operating system's package manager:

dnf install centreon-pack-applications-monitoring-splunk-api

Whatever the license type (online or offline), install the Splunk Pack through the Configuration > Monitoring Connector Manager menu.


Since Centreon 22.04, you can benefit from the 'Automatic plugin installation' feature. When this feature is enabled, you can skip the installation part below.

You still have to manually install the plugin on the poller(s) when:

  • Automatic plugin installation is turned off
  • You want to run a discovery job from a poller that doesn't monitor any resource of this kind yet

More information in the Installing the plugin section.

Use the commands below according to your operating system's package manager:

dnf install centreon-plugin-Applications-Monitoring-Splunk-Api



  • Log into Centreon and add a new host through Configuration > Hosts.
  • Fill the Name, Alias & IP Address/DNS fields according to your Splunk server settings.
  • Apply the App-Monitoring-Splunk-Api-custom template to the host.
  • Once the template is applied, fill in the corresponding macros. Some macros are mandatory.
SPLUNKAPIEXTRAOPTIONSAny extra option you may want to add to every command line (eg. a --verbose flag)
SPLUNKAPIHOSTIP Address or FQDN of your Splunk instance
SPLUNKAPIPORTAPI Listening port (Default: '8089')
SPLUNKAPIPROTOCOLAPI Protocol (Default: 'https')

How to check in the CLI that the configuration is OK and what are the main options for?​

Once the plugin is installed, log into your Centreon poller's CLI using the centreon-engine user account (su - centreon-engine) and test the plugin by running the following command:

/usr/lib/centreon/plugins// \
--plugin=apps::monitoring::splunk::plugin \
--mode=index-update \
--hostname='' \
--port='8089' \
--proto='https' \
--api-username='' \
--api-password='' \
--index-name='' \
--warning-index-last-update-seconds='600' \
--critical-index-last-update-seconds='900' \
--verbose \

The expected command output is shown below:

OK: last update: 5 minutes  | 'splunk.index.last.updated.seconds'=300s;;;0; 

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins// \
--plugin=apps::monitoring::splunk::plugin \
--mode=index-update \

All available modes can be displayed by adding the --list-mode parameter to the command:

/usr/lib/centreon/plugins// \
--plugin=apps::monitoring::splunk::plugin \


Please find the troubleshooting documentation for the API-based plugins in this chapter.