Splunk is a software platform that helps organizations search, monitor, and analyze data from various third-party sources. Verkada allows users to build out efficient workflows to push information from their Command organizations into their Splunk instances through a built-in integration.
When you integrate Verkada with Splunk, it allows you to centralize and analyze your video surveillance data within the broader context of your operational data, which enables better insights and decision-making. You can use this implementation to bring in people and vehicle counts across all cameras in your organization, including device notifications.
Before you begin, you must have:
An active Splunk instance with Admin access. Learn more about Roles and Permissions for Command.
Org Admin permissions to your Verkada organization.
A valid Verkada API key. Learn how to generate a Verkada API key
There are 2 ways you can set up the integration:
Download and install the Splunk Enterprise software
Download the Splunk Enterprise software at https://www.splunk.com/en_us/download.html. If you already have a Splunk Enterprise account installed and setup, proceed to step 4.
Select the corresponding installation package, depending on the operating system you are running (Windows, Linux, or MacOS). We recommend downloading the .dmg package for an easier setup process.
Once the Splunk Enterprise package is installed, open the application. You should be redirected to a Terminal or PowerShell window where you can create your account credentials (username and password).
Important: Keep these credentials. You need them (later) to log in to Splunk and set up the Verkada integration. Once you create your account, you should receive an email to verify your account. Be sure to check your inbox and complete this step before moving forward with the setup process.The Splunk application should open automatically after setting your username and password. Log in using the credentials you set up in step 3. If the Splunk Enterprise window does not open, navigate to the following URL to log in:
http://localhost:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Flauncher%2FhomeThe Splunk homepage is where all of your applications for various integrations, including Verkada, are managed and configured.
At the top left, click the Apps dropdown and select Find more apps.
On Browse More Apps:
In the search box, enter Verkada. This returns 2 applications.
Install the Verkada application that has been most recently updated (verkada add-on).
Click Install for the Verkada app.
On Login and Install:
Enter your Splunk account credentials to verify your account.
Note: These credentials are different from those created in step 3. To install the app, use the email and password used to log in to your general Splunk account. (https://www.splunk.com/).
Click Agree and Install.
Download and install the software on Splunkbase
If the above install method does not work, there is an alternative way described here.
Download the app at https://splunkbase.splunk.com/app/6971.
Click Download to download the Verkada add-on application.
When the package is downloaded:
Go back to your Splunk Enterprise account.
Under the Apps dropdown, select Manage Apps.
On Manage Apps, at the top right, click Install app from file.
You are then redirected to a new page that prompts you to choose the install file for the application you want to add to your Splunk instance.
On Install App From File:
Click Choose File.
In your Downloads folder, find the recently downloaded file (verkada-add-on_126.tgz).
Select the file and click Upload.
Once the app is downloaded, under Apps, you should see the Verkada Add-On tab on your homepage.
Click the Verkada Add-On tab. This redirects you to a new page which is where you can set up and manage your Verkada integration.
On your Verkada App page, at the top right, click Add Input. This allows you to create 2 different types of inputs:
verkada_insights provides the object-detection information for each camera in your organization. At regularly scheduled intervals, it displays the count for both people and vehicles that were detected, and the associated timestamp for those counts.
verkada_notifications provides the full list of all notifications generated by your Verkada devices.
Depending on your use case with Verkada’s Splunk integration, create a new input for verkada_insights, verkada_notifications, or both.
Note: To generate results for both options, you need to create 2 separate inputs for each feature.
Once you have selected your input, you are prompted to enter the following settings:
Unique name for your data input
Time interval (in seconds) for each processed input
Index (recommended default)
Your Verkada Command organization ID
Your Verkada API key.
Click Add.
Once you have added this new data input, you can see it under the Verkada app’s Input tab, with the corresponding name that you created in step 11.
Verify that the integration is successful:
Troubleshooting
When updating from version 1.1.0 to version 1.2.6, there may be some new inputs which may not show up immediately. If this is the case, please follow the steps below to resolve the issue:
Restart your Splunk instance and log back into your account.
If all 3 inputs are still not showing up, delete and reinstall the Verkada Add-On App:
Navigate to your Splunk Application directory.
Delete the folder
SPLUNK_HOME/etc/apps/TA-verkada-add-on
.Note: You may need to restart your Splunk instance for the change to take effect.
Proceed back to step 1 of this setup guide to download the Verkada Add-On application from Splunk.
You should now see the new inputs under the Verkada application.
There may be other common issues which could lead to errors in data pulling:
Expired Verkada API key.
Incorrect Command Organization ID
For a more detailed view and understanding of ongoing integration issues, users can access the full Splunk logs located in SPLUNK_HOME/var/log/splunk
. You can adjust the logging level in the add-on configuration tab
Need more help? Contact Verkada Support.