The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Announcing the Oracle Cloud Infrastructure Logging Plugin for Splunk

With the continued partnership with Splunk through their Technology Alliance Partner (TAP), Oracle is excited to announce the latest Splunk Technical Add-on integration known as the Oracle Cloud Infrastructure (OCI) logging plugin for Splunk. This plugin lets you ingest logs and other data directly from an OCI stream. You can install the plugin directly from Splunk Enterprise 8.0 or later or download it from Splunkbase.

A graphic depicting the architecture connecting Oracle Cloud Infrastructure to the customer infrastructure with the OCI logging addon from Splunk.

Use Case Highlights

Admins can centrally enable and collect logs from OCI resources in existing or new Splunk environments. They can also integrate with other Splunk plugins and data sources, such as threat intel feeds, to augment and enhance alerting from log data.

In comparison to push or pull mechanism described in previous blogs, we have added streaming support with the following capabilities and features:

  • Maintain a constant flow of log data

  • Multi-threaded

  • Horizontally scalable

  • Closer to real-time ingestion

  • Resilient to short-term outages

  • Optimized for efficient data usage

In concert with OCI Logging and Streaming services, this plugin enables you to stream logs for the following OCI services:

  • IAM audit logs

  • Virtual cloud network (VCN) flow logs

  • Load balancer access and error logs

  • Functions invocation logs

  • API gateway access and execution logs

  • Events service logs

  • Object Storage logs

  • Customer-generated logs

Install with ease inside Splunk marketplace

  1. From the Apps menu at the top of the page, select Manage Apps.

    A screenshot of the Splunk apps menu expanded, with Search & Reporting selected and Manage Apps outlined in red.

  2. Click Browse more apps.

    A screenshot of the Manage Apps window with the green Browse more apps button outlined in red.

  3. Search for OCI Logging.

  4. Click Install.

    A screenshot of the Browse More Apps page with OCI Logging filled into the search bar, showing the results for OCI Logging Addon for Splunk with the green Install button outlined in red.

To directly download the latest version and for further configuration steps please see the add-on instructions on Splunkbase.


For future integration scenarios and new plugins, check back in the Oracle Cloud Infrastructure Architecture Center. For assistance with the configuration and installation of Splunk add-ons and apps, see the Splunk documentation or contact Splunk Support.

Join the discussion

Comments ( 2 )
  • Prasad Thursday, October 8, 2020
    Any plans to support Audit logs integration with Splunk? I see Audit service is missing from Splunk integration even though Events service is supported with Logging/Splunk.
  • John Lodini Friday, October 9, 2020
    Hi Prasad,
    We do currently support audit as well. We have it listed in the blog as IAM audit logs.

    If you need assistance enabling this please open a SR with My Oracle Support.
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha