Splunk® App for SOAR

Install and Configure Splunk App for SOAR

Configure or upgrade the service with Splunk App for SOAR

Configure Splunk App for SOAR on your Splunk search heads or search head clusters as well as on your indexers.

Obtain a Splunk Cloud Platform or Splunk Enterprise license

You need a Splunk Cloud Platform or Splunk Enterprise license to use external Splunk Cloud Platform or Splunk Enterprise with Splunk SOAR. If you don't already have a Splunk Cloud Platform or Splunk Enterprise license, work with your delivery team to purchase one.

Configure the app

Reference the sections here to determine the configuration your instance needs in order for you to use Splunk App for SOAR.

Where to configure the app in a distributed deployment

Use the table to check the compatibility of the app with Splunk Enterprise distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes Use the search head cluster deployer to distribute apps across search head cluster members. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.
Indexer Clusters Yes The app contains indexes or index-time transformations.
Deployment Server No The app does not contain inputs for forwarder data collection.

After you've verified compatibility, use the table to determine where to configure the app in a Splunk Enterprise distributed deployment.

Splunk instance type Can the app be configured here? Comments
Search Heads Yes Configure this app on the search head.
Indexers Yes The app contains indexes or index-time transformations.
Forwarders No The app does not contain inputs for forwarder data collection.


Configure or upgrade the app using Splunk Web

  1. Log in to the Splunk Cloud Platform or Splunk Enterprise search head.
  2. On the Applications menu, scroll to the bottom and select Find More Apps.
  3. On the Browse more apps page, locate the app in the list, or type the name in the search box.
  4. Provide your splunk.com credentials.
  5. Accept the license terms.
  6. Select Upgrade app if you want to overwrite the existing configuration (optional).
  7. Select Login and Install.
  8. Select Done.

Configure or upgrade the app from a downloaded file

  1. Log in to splunkbase.splunk.com.
  2. Download Splunk App for SOAR and save it to an accessible location.
  3. Log in to the Splunk Enterprise search head.
  4. On the Applications menu, select the Manage Apps (The manage apps icon) icon.
  5. On the Apps page, select Install app from file.
  6. On the Upload app page, select the Choose file button to locate the app.
  7. Select Upgrade app to overwrite the existing configuration (optional).
  8. Select Upload.
  9. Select Done.
Last modified on 04 February, 2025
Prepare to configure services for   Connect Splunk App for SOAR to Splunk SOAR

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.57, 1.0.67, 1.0.71

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters