Splunk® Intelligence Management (Legacy)

User Guide

Set up a dedicated service account for API keys and tracking

Splunk Intelligence Management integrations and user management allows users to set-up a service account to utilize when configuring with the Splunk Intelligence Management API. This practice enables companies to have a dedicated account for affiliated API keys and tracking.

It is best practice to set up a separate service account for each integration and/or script. This prevents integrations from competing with each other for the per-minute API limit.

Set up a service account

You must be a company administrator to set up a service account.

To create a dedicated service account, follow the steps below.

  1. Select User Settings on the navigation bar, then select Settings from the dropdown menu.
  2. Click Users on the Settings menu.
  3. Click Add User in the Users panel.
  4. Fill out the fields below:
    Field Description
    Name Create a name that clearly indicates the purpose of the account. For example, if you are going to use this account with a Splunk integration, create an account with first name of Splunk and last name of Integration. This enables you to quickly locate integration accounts, either in the Users panel or when you export the user list to a .csv file.
    Email address You can't use an email address already credentialed on Splunk Intelligence Management, so either you or your organization's mail administrator must create a new email address. Carrying on with the example above, you can create the email address splunk_integration@acme.com.
    Role Choose User, not Company Administrator for service accounts.
    Enclave permissions Settings here depending on the integration, as each integration may require a different level of permission to be used effectively. Splunk Intelligence Management recommends checking the documentation for the integration to understand what permissions levels required to access the enclave for that integration. Choices for this setting are
    • No Access
    • View Only: Can only see reports but can not create nor modify data for that enclave
    • Submission Access: Can submit and see data in the enclave but cannot delete or modify data.
    • Full Access: Can read, write, delete, and modify anything in the enclave
  5. Click Save User to send the new credentials to the email account you specified in step 4 above.

    If you change the email address for a service account is updated, you must regenerate the API keys in the Splunk Intelligence Management Web App.

Example Splunk service account

The following screenshot show an example Splunk service account.


Activity on a service account is counted against your organization's user limit. To discuss increasing this limit, contact your Splunk Intelligence Management account executive.

To read more on user management, see the Managing Users article.

Last modified on 21 April, 2022
Set up multi-factor authentication to secure access to your Splunk Intelligence Management environment   Update your user settings

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters