Splunk
Stream Action Certificate telemetry into Splunk for audit, detection, and FinOps reporting. Optional writes update KV stores with certified state.
Monthly verification • last run September 2025
Modes & scopes
Modes
- Read-first
- Write-gated (ticketing integration)
Scopes
- Search API token
- Optional KV store write scope
Runbook highlights
Connection modes
Private connectivity via Splunk Private Link or self-hosted forwarder inside your VPC.
Learning Controls
Saved searches validate coverage of certificate IDs and policy hashes before automation executes.
Evidence
Certificates reference Splunk index, sourcetype, and search version to ensure traceability.
Sample automations & evidence
Sample automations
- Publish certified write metrics to compliance dashboard
- Trigger ServiceNow incident from Splunk detection
Action Certificate mapping
Every certificate embeds connector identifiers, residency policy hashes, and Learning Control references so downstream systems can verify scope before allowing writes. Export verification logs to Splunk/Datadog using thetrustplane.certificate_id attribute.
Need a signed runbook?
Request a signed copy of this connector runbook, DPIA, or sub-processor alignment via the security contact form. We respond within one business day and can include environment-specific attestations.
Contact security