How to connect to Splunk using the Splunk SDK for PHP

The Splunk SDK for PHP is deprecated. For more information, see Deprecation notice.

To start a Splunk® session, the first thing your app must do is connect to Splunk by sending login credentials to the splunkd server. Splunk returns an authentication token, which is then automatically included in subsequent calls for the rest of your session. By default, the token is valid for one hour, but is refreshed every time you make a call to splunkd.

The basic steps to connect to Splunk with your PHP app are as follows:

  1. Start Splunk: Start the Splunk server if you haven't already.

  2. Add a reference to the SDK: Add a require_once statement to your PHP document for the Splunk SDK for PHP library, Splunk.php.

  3. Create the entry point: Create a new instance of Splunk_Service to connect to your Splunk server.

    Important: At this point, you should provide a mechanism to supply the login credentials for your Splunk server. In the example shown below, the login credentials are hard coded in an array for convenience. Similarly, in the Splunk SDK for PHP examples, the login credentials are stored in a separate PHP file. For security reasons, neither practice is recommended for your production app. Use whatever authentication mechanism you prefer (for instance, a login form) to supply the login credentials.
  4. Log in: Use the Splunk_Service class' login method to log in to the Splunk server.

The following shows an example of how to create a Splunk_Service instance and connect to Splunk:


// Import Splunk.php
require_once 'Splunk.php';

// Create an instance of Splunk_Service to connect to a Splunk server
$service = new Splunk_Service(array(
    'host' => 'localhost',
    'port' => '8089',
    'username' => 'admin',
    'password' => 'changeme',

// Log into the Splunk service

For another example of connecting to a Splunk server, complete with credentials verification, see the file "index.php" in the Splunk SDK for PHP's /examples directory.