{"id":51116580,"url":"https://github.com/oracle-devrel/terraform-oci-arch-logging-splunk","last_synced_at":"2026-06-24T22:30:38.582Z","repository":{"id":45974863,"uuid":"430722669","full_name":"oracle-devrel/terraform-oci-arch-logging-splunk","owner":"oracle-devrel","description":"terraform-oci-logging-splunk","archived":false,"fork":false,"pushed_at":"2025-01-21T20:12:49.000Z","size":644,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-21T14:39:36.697Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-devrel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-22T13:42:12.000Z","updated_at":"2025-01-21T20:12:53.000Z","dependencies_parsed_at":"2024-05-16T17:28:50.542Z","dependency_job_id":"dca2a4ac-1c4c-4a1f-823c-6acf79ac7b19","html_url":"https://github.com/oracle-devrel/terraform-oci-arch-logging-splunk","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":"oracle-devrel/repo-template","purl":"pkg:github/oracle-devrel/terraform-oci-arch-logging-splunk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Fterraform-oci-arch-logging-splunk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Fterraform-oci-arch-logging-splunk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2F
terraform-oci-arch-logging-splunk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Fterraform-oci-arch-logging-splunk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-devrel","download_url":"https://codeload.github.com/oracle-devrel/terraform-oci-arch-logging-splunk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-devrel%2Fterraform-oci-arch-logging-splunk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34752465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-24T02:00:07.484Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-24T22:30:38.499Z","updated_at":"2026-06-24T22:30:38.571Z","avatar_url":"https://github.com/oracle-devrel.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-oci-arch-logging-splunk\n\nA security information and event management (SIEM) system is a critical operations tool to manage the security of your cloud resources. 
Oracle Cloud Infrastructure includes native threat detection, prevention, and response capabilities, which you can leverage to implement an efficient SIEM system using Splunk.\n\nSplunk Enterprise administrators can use the Logging and Streaming services with the Logging Addon for Splunk, to stream logs from resources in the cloud to an existing or new Splunk environment. Administrators can also integrate with other Splunk plugins and data sources, such as threat intelligence feeds, to augment the generation of alerts based on log data.\n\n## Reference Architecture\n\n- [Implement a SIEM System in Splunk Using Logs Streamed from Oracle Cloud](https://docs.oracle.com/en/solutions/logs-stream-splunk/index.html)\n\n## Prerequisites\n\n- Permission to `manage` the following types of resources in your Oracle Cloud Infrastructure tenancy: `vcns`, `internet-gateways`, `route-tables`, `subnets`, `stream`, `stream-pull`, `stream-push`, and `instances`.\n\n- Quota to create the following resources: 1 VCN, 2 subnets, 1 Internet Gateway, 1 NAT Gateway, 2 route rules, 2 stream/stream pool, 1 Log group, 3 Logs, 2 Service Connectors, 2 compute instances, 1 Load Balancer.\n\nIf you don't have the required permissions and quota, contact your tenancy administrator. See [Policy Reference](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm), [Service Limits](https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/servicelimits.htm), [Compartment Quotas](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcequotas.htm).\n\n## Deploy Using Oracle Resource Manager\n\n1. 
Click [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?region=home\u0026zipUrl=https://github.com/oracle-devrel/terraform-oci-arch-logging-splunk/releases/latest/download/terraform-oci-arch-logging-splunk-stack-latest.zip)\n\n    If you aren't already signed in, when prompted, enter the tenancy and user credentials.\n\n2. Review and accept the terms and conditions.\n\n3. Select the region where you want to deploy the stack.\n\n4. Follow the on-screen prompts and instructions to create the stack.\n\n5. After creating the stack, click **Terraform Actions**, and select **Plan**.\n\n6. Wait for the job to be completed, and review the plan.\n\n    To make any changes, return to the Stack Details page, click **Edit Stack**, and make the required changes. Then, run the **Plan** action again.\n\n7. If no further changes are necessary, return to the Stack Details page, click **Terraform Actions**, and select **Apply**. \n\n## Deploy Using the Terraform CLI\n\n### Clone the Module\nNow, you'll want a local copy of this repo. You can make that with the commands:\n\n    git clone https://github.com/oracle-devrel/terraform-oci-arch-logging-splunk.git\n    cd terraform-oci-arch-logging-splunk\n    ls\n\n### Set Up and Configure Terraform\n\n1. Complete the prerequisites described [here](https://github.com/cloud-partners/oci-prerequisites).\n\n2. 
Create a `terraform.tfvars` file, and specify the following variables:\n\n```\n# Authentication\ntenancy_ocid         = \"\u003ctenancy_ocid\u003e\"\nuser_ocid            = \"\u003cuser_ocid\u003e\"\nfingerprint          = \"\u003cfinger_print\u003e\"\nprivate_key_path     = \"\u003cpem_private_key_path\u003e\"\n\n# Region\nregion = \"\u003coci_region\u003e\"\n\n# Compartment\ncompartment_ocid = \"\u003ccompartment_ocid\u003e\"\n\n```\n\n### Create the Resources\nRun the following commands:\n\n    terraform init\n    terraform plan\n    terraform apply\n\n### Destroy the Deployment\nWhen you no longer need the deployment, you can run this command to destroy the resources:\n\n    terraform destroy\n\n## Deploy as a Module\nIt's possible to use this repository as a remote module by providing the necessary inputs:\n\n```\nmodule \"oci-arch-logging-splunk\" {\n  source             = \"github.com/oracle-devrel/terraform-oci-arch-logging-splunk\"\n  tenancy_ocid       = \"\u003ctenancy_ocid\u003e\"\n  user_ocid          = \"\u003cuser_ocid\u003e\"\n  fingerprint        = \"\u003cfinger_print\u003e\"\n  region             = \"\u003coci_region\u003e\"\n  private_key_path   = \"\u003cprivate_key_path\u003e\"\n  compartment_ocid   = \"\u003ccompartment_ocid\u003e\"\n}\n```\n\n## Configure Splunk to access OCI Streams\n\n### Download and Install the Plugin\n\n`NOTE: Before proceeding with next steps, please open a service request with` [Oracle Support](https://support.oracle.com/portal/) `or ask your account team to reach out to virtual networking product management team to get the downloadable software of the plugin`\n\nPerform the below steps to complete Step 4.\n\n*\tDownload the plugin provided by Oracle support team.\n*\tFrom the Splunk Web home screen, click the `gear icon` next to `Apps`.\n*\tClick `Install app from file`.\n*\tLocate the downloaded plugin file and click `Upload`.\n*\tIf Splunk prompts you to restart, do so.\n*\tVerify that the plugin appears in the list 
of apps and add-ons by clicking Apps -\u003e Manage Apps. You can also find it on the server at `$SPLUNK_HOME/etc/apps/TA-oci-logging-addon`.\n\n    ![](./images/picture8.png)\n\n### Configure the Plugin\n\nPerform the below steps to complete Step 5.\n\n*\tOn `Splunk Enterprise`, from the `Apps` menu, select `OCI Logging Addon`.\n\n    ![](./images/picture9.png)\n\n*\tClick `OCI Connection Information`.\n\n*   Either select Instance Principal (if you are using an OCI instance) or provide the connection information as shown below.\n\n    ```Note: To populate the Private Key field, open the pem file containing your OCI API signing key in your favorite text editor and paste the contents in that field.```\n\n    ![](./images/picture10.png)\n\n*\tNext, click Inputs, then the Create New Input button.\n\n    ![](./images/picture11.png)\n\n*\tEnter the configuration details from your OCI stream.\n\n    ![](./images/picture12.png)\n\n    - `Name`: Friendly name choice\n    - `Interval`: How often you want the plugin to attempt to check for new data\n    - `Index`: Your Splunk index - recommended is `30 seconds`\n    - `Stream ID`: The `OCID` of your OCI Stream\n    - `Stream Endpoint`: For example, `https://cell-1.streaming.ap-chuncheon-1.oci.oraclecloud.com`\n    - `OCI Region`: For example, `ap-chuncheon-1`\n    - `Message Limit`: How many messages you want to retrieve with a single pull - default is `10000`\n    - `Partition`: The partition number on your stream - for a single partition stream this value is `0`\n\n*   Click `Add`.\n\n    ![](./images/picture13.png)\n\nThis completes the configuration.\n\n### Validate in Splunk\n\nNow you can query your index and see data that looks similar to the below screenshot for validation.\n\n   ![](./images/pic.png)\n\n### Implement a SIEM System in Splunk Using Logs Streamed from Oracle Cloud\n\n![](./images/siem-logging-oci.png)\n\n## Contributing\nThis project is open source.  
Please submit your contributions by forking this repository and submitting a pull request!  Oracle appreciates any contributions that are made by the open source community.\n\n### Attribution \u0026 Credits\nInitially, this project was created and distributed in the [GitHub Oracle QuickStart space](https://github.com/oracle-quickstart/oci-arch-logging-splunk). For that reason, we would like to thank all the involved contributors listed below:\n- Kartik Hegde (https://github.com/KartikShrikantHegde)\n\n## License\nCopyright (c) 2024 Oracle and/or its affiliates.\n\nLicensed under the Universal Permissive License (UPL), Version 1.0.\n\nSee [LICENSE](LICENSE.txt) for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-devrel%2Fterraform-oci-arch-logging-splunk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-devrel%2Fterraform-oci-arch-logging-splunk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-devrel%2Fterraform-oci-arch-logging-splunk/lists"}