---
title: Splunk
description: Capture events from Splunk and overlay them onto key metrics graphs.
---

# Splunk

Integration version 1.0.0

## Overview{% #overview %}

Connect your Splunk log monitoring to be able to:

- Get notified of your reports.
- Correlate these reports with your other metrics.
- Collaborate with your team on those events.

## Setup{% #setup %}

### Installation{% #installation %}

To receive your reports from Splunk in Datadog, the `datadog` Python library must be installed on your Splunk server:

```bash
pip install datadog
```

Once it is installed, [get your API key and an application key](https://app.datadoghq.com/organization-settings/api-keys) and drop the following `dog-splunk.sh` script into `$SPLUNK_HOME/bin/scripts`:

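```bash
#!/bin/bash
# Datadog credentials used by the `dog` CLI.
export API_KEY=YOURAPIKEYHERE
export APP_KEY=YOURAPPKEYHERE

# Splunk passes the alert details as SPLUNK_ARG_* environment variables:
# 1 = number of events, 2 = search terms, 3 = full query string,
# 4 = report name, 5 = trigger reason, 6 = URL of the report.
dog --api-key $API_KEY --application-key $APP_KEY event post \
"Found $SPLUNK_ARG_1 events in splunk" \
"Matching $SPLUNK_ARG_2 based on $SPLUNK_ARG_5," \
" from report $SPLUNK_ARG_4. More details at $SPLUNK_ARG_6." \
 --aggregation_key $SPLUNK_ARG_3 --type splunk
```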

Make sure the script is executable and owned by the `splunk` user and group.

Once the script is in place, create a new report or navigate to an existing report. Click **Edit Schedule** and check the **Schedule the Report** checkbox. When you get to the **Run a Script** option, enter `dog-splunk.sh` in the Filename textbox. Click **Save** and you should see the results start appearing in your Event Stream.

## Troubleshooting{% #troubleshooting %}

If you see an error code on each run of `runshellscript` in `splunkd.log`, try adding `> dog_splunk_trace.txt 2>&1` to the end of the last command. This creates a `$SPLUNK_HOME/etc/apps/search/bin/dog_splunk_trace.txt` file, which provides more detail about the problem.

If the trace file has something like the usage help for the `dog` command followed by `dog: error: unrecognized arguments: OR failed OR severe`, add single quotes around `$SPLUNK_ARG_3` on the last line.
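
The argument-splitting failure described above, together with the plaintext keys the script carries, as an added example that is not part of Datadog's documentation: a variant of `dog-splunk.sh` that passes each Splunk value as one argument and reads the keys from a private file. `DD_KEY_FILE`, its default path, and the function names are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not Datadog's script. Hypothetical names: DD_KEY_FILE,
# key_file_is_private, with_dog_args, main.
# Assumption: DD_KEY_FILE holds API_KEY=... and APP_KEY=... lines, is owned
# by the splunk user and has mode 600 (the default path is a placeholder).
DD_KEY_FILE="${DD_KEY_FILE:-${SPLUNK_HOME:-/opt/splunk}/etc/dd-keys.env}"

# True only if $1 is a regular file with no group or other permission bits.
key_file_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the command given in "$@" with the event arguments appended. Double
# quotes keep a search string such as "error OR failed OR severe" as one word.
with_dog_args() {
    "$@" event post \
        "Found ${SPLUNK_ARG_1:-0} events in splunk" \
        "Matching ${SPLUNK_ARG_2:-} based on ${SPLUNK_ARG_5:-}, from report ${SPLUNK_ARG_4:-}. More details at ${SPLUNK_ARG_6:-}." \
        --aggregation_key "${SPLUNK_ARG_3:-}" --type splunk
}

main() {
    if ! key_file_is_private "$DD_KEY_FILE"; then
        echo "refusing to run: $DD_KEY_FILE is missing or open to group/other" >&2
        return 1
    fi
    . "$DD_KEY_FILE"    # defines API_KEY and APP_KEY
    unset PYTHONHOME PYTHONPATH LD_LIBRARY_PATH
    with_dog_args dog --api-key "$API_KEY" --application-key "$APP_KEY"
}

# Splunk sets SPLUNK_ARG_0 (the script name) when it runs an alert script,
# so nothing is posted when the file is sourced or run by hand.
if [ -n "${SPLUNK_ARG_0:-}" ]; then
    main
fi
```
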

If the trace file includes a Traceback that ends with `pkg_resources.DistributionNotFound` or something similar, add three `unset`s to the top of your `dog-splunk.sh` script:

```bash
#!/bin/bash
# Clear the Python and library paths inherited from Splunk so that `dog`
# runs with the Python where the `datadog` library was installed.
unset PYTHONHOME
unset PYTHONPATH
unset LD_LIBRARY_PATH
export API_KEY=YOURAPIKEYHERE
export APP_KEY=YOURAPPKEYHERE

dog --api-key $API_KEY --application-key $APP_KEY event post \
"Found $SPLUNK_ARG_1 events in splunk" \
"Matching $SPLUNK_ARG_2 based on $SPLUNK_ARG_5," \
" from report $SPLUNK_ARG_4. More details at $SPLUNK_ARG_6." \
 --aggregation_key $SPLUNK_ARG_3 --type splunk
```

## Further Reading{% #further-reading %}

- [Correlate metrics and logs with Datadog and Splunk](https://www.datadoghq.com/blog/integrate-splunk-datadog-put-microscope-application-monitoring/)
