Verkada Splunk Integration

Download the Splunk Enterprise software at https://www.splunk.com/en_us/download.html. If you already have a Splunk Enterprise account installed and setup, proceed to step 4.

Select the corresponding installation package, depending on the operating system you are running (Windows, Linux, or MacOS). We recommend downloading the .dmg package for an easier setup process.

Once the Splunk Enterprise package is installed, open the application. You should be redirected to a Terminal or PowerShell window where you can create your account credentials (username and password).

​ ​Important: Keep these credentials. You need them (later) to log in to Splunk and set up the Verkada integration. Once you create your account, you should receive an email to verify your account. Be sure to check your inbox and complete this step before moving forward with the setup process.

The Splunk application should open automatically after setting your username and password. Log in using the credentials you set up in step 3. If the Splunk Enterprise window does not open, navigate to the following URL to log in:

​ http://localhost:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Flauncher%2Fhome

The Splunk homepage is where all of your applications for various integrations, including Verkada, are managed and configured.

At the top left, click the Apps dropdown and select Find more apps.

On Browse More Apps:

a. In the search box, enter Verkada. This returns 2 applications. b. Install the Verkada application that has been most recently updated (verkada add-on). c. Click Install for the Verkada app.

On Login and Install:

a. Enter your Splunk account credentials to verify your account. ​ ​Note: These credentials are different from those created in step 3. To install the app, use the email and password used to log in to your general Splunk account. (https://www.splunk.com/). ​ b. Click Agree and Install. ​

Download the app at https://splunkbase.splunk.com/app/6971.

Click Download to download the Verkada add-on application.

When the package is downloaded:

a. Go back to your Splunk Enterprise account. b. Under the Apps dropdown, select Manage Apps.

On Manage Apps, at the top right, click Install app from file.

You are then redirected to a new page that prompts you to choose the install file for the application you want to add to your Splunk instance.

On Install App From File:

a. Click Choose File. b. In your Downloads folder, find the recently downloaded file (verkada-add-on_126.tgz). c. Select the file and click Upload.

Once the app is downloaded, under Apps, you should see the Verkada Add-On tab on your homepage.

Click the Verkada Add-On tab. This redirects you to a new page which is where you can set up and manage your Verkada integration.

On your Verkada App page, at the top right, click Add Input. This allows you to create 2 different types of inputs:

• verkada_insights provides the object-detection information for each camera in your organization. At regularly scheduled intervals, it displays the count for both people and vehicles that were detected, and the associated timestamp for those counts.

• verkada_notifications provides the full list of all notifications generated by your Verkada devices.

Depending on your use case with Verkada’s Splunk integration, create a new input for verkada_insights, verkada_notifications, or both.

​Note: To generate results for both options, you need to create 2 separate inputs for each feature. ​

Once you have selected your input, you are prompted to enter the following settings:

a. Unique name for your data input b. Time interval (in seconds) for each processed input c. Index (recommended default) d. Your Verkada Command organization ID e. Your Verkada API key. f. Click Add.

Once you have added this new data input, you can see it under the Verkada app’s Input tab, with the corresponding name that you created in step 11.

Verify that the integration is successful:

a. Go to the Search tab. b. Enter source="verkada_insights" or source="verkada_notifications", depending on the data input you configured.