
Celonis Product Documentation

Sending audit logs to Splunk

By creating an OAuth client and granting that client API permissions, you can configure a RESTful HTTP GET request for your Celonis Platform audit logs. This GET request can then be configured as a data input in your Splunk account, enabling Splunk to frequently pull your audit logs from your team.

Before using your Splunk account, you need to complete the following steps in the Celonis Platform:

After completing these steps, you can then add the data input in your Splunk account. As this is an external platform, we recommend viewing their website for the latest step-by-step guides and user interfaces: Splunk.com - Getting data from your REST APIs in Splunk.

For illustration purposes only, the following is an example of adding a new data input in Splunk:

example_from_splunk.png

To start, you need to create an OAuth client in your team and then grant this client API permissions.

  1. Click Admin & Settings and select Applications.

  2. Click Add New Application - OAuth client and create your OAuth client.


    When creating your OAuth client, use the following configurations:

    • Authentication method: Client secret post

    • Scopes to select:

      • audit.log:read (for the Audit Log API)

      • platform-adoption.tracking-events:read (for the Studio Adoption API)

      • team.login-history:read (for the Login History API)

    New OAuth Client. Select the client scope: audit, platform-adoption, and team.
  3. Click Create and then copy the client ID and client secret to your clipboard for later use.

  4. Click Permissions and edit Team permissions.

  5. Assign Audit Log API, Login History API, and Studio Adoption APIs permissions to your newly created application as required.

  6. Click Save.

    The OAuth client now has the relevant API permissions. You now need to request an OAuth access token.

Tip

Alternatively, you can create an application key and assign the following permissions: Audit Log API, Login History API, and Studio Adoption APIs.

For more information, see: Application keys.

After registering your OAuth client and assigning it the necessary permissions in your Celonis Platform team, you can now use a REST API client such as Postman to make a POST request for your access token.

To do this, you need your token URL:

https://<team>.<cluster>.celonis.cloud/oauth2/token


You then need to append at least two query parameters to your token URL:

  • Grant type: This must be 'client_credentials' as this is currently the supported grant type for OAuth clients.

  • Scope: This should be the Celonis platform services that you have granted permissions to (based on the service string). In our example, we've included Studio:

https://<team>.<cluster>.celonis.cloud/oauth2/token?grant_type=client_credentials&scope=studio


You can then configure the Authorization. In this example, we're using basic authentication with a username (the client ID) and password (the client secret).

This configuration gives you an OAuth request such as:

curl --request POST \
  --url 'https://<team>.<cluster>.celonis.cloud/oauth2/token' \
  --header 'content-type: multipart/form-data' \
  --form 'client_id=<client id>' \
  --form 'client_secret=<client secret>' \
  --form 'grant_type=client_credentials' \
  --form 'scope=<scope1 scope2 scopeN>'

And running the request returns a response that includes your access token:

{
	"access_token": "randomizedAcessToken",
	"scope": "scope1 scope2 scopeN",
	"token_type": "Bearer",
	"expires_in": 899
}

This access token can then be used with a bearer token authentication method to request access to and information from the Celonis Platform services you need.
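A client that polls on a schedule, as the Splunk data input does, has to renew the token, because the sample response above expires after 899 seconds. The following is an added example (not Celonis or Splunk code) that sends the same form fields as the curl request and reuses the token until shortly before `expires_in` elapses; `post_form`, `TokenCache` and the 60-second renewal margin are assumptions made for this illustration.

```python
import json
import secrets
import time
import urllib.request


def post_form(url, fields):
    """POST fields as multipart/form-data, like the curl --form request above."""
    boundary = secrets.token_hex(16)
    parts = "".join(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
        for k, v in fields.items())
    req = urllib.request.Request(
        url, data=(parts + f"--{boundary}--\r\n").encode(), method="POST",
        headers={"Content-Type": f"multipart/form-data; boundary={boundary}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: holds one bearer token and renews it before expiry."""

    def __init__(self, base_url, client_id, client_secret, scopes,
                 post=post_form, clock=time.monotonic, skew=60):
        self.url = base_url.rstrip("/") + "/oauth2/token"
        self.fields = {"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials",
                       "scope": " ".join(scopes)}
        self.scopes, self.post, self.clock, self.skew = set(scopes), post, clock, skew
        self.token, self.deadline = None, 0.0

    def get(self):
        if self.token is None or self.clock() >= self.deadline:
            reply = self.post(self.url, self.fields)
            if str(reply.get("token_type", "")).lower() != "bearer":
                raise ValueError("token endpoint did not return a Bearer token")
            # A response without "scope" means the request was granted as sent.
            granted = set(reply["scope"].split()) if "scope" in reply else self.scopes
            if self.scopes - granted:
                raise PermissionError(f"not granted: {sorted(self.scopes - granted)}")
            self.token = reply["access_token"]
            # Renew `skew` seconds early so a poll never sends an expired token.
            self.deadline = self.clock() + int(reply["expires_in"]) - self.skew
        return self.token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}
```

Load the client ID and client secret from the environment or a secret store rather than writing them into the script, and pass `auth_header()` with each GET request to the log APIs.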

You can now test your APIs with Swagger UI. To do this, you need your team name and environment cluster and your OAuth client from the earlier procedure.

You can find your team name and environment cluster from any URL, for example from the Permissions page from the procedure above.

https://[teamname].[realm].celonis.cloud/ui/team/permissions

With your team name and environment cluster, you can then access the Swagger UI using this URL:

https://[teamname].[realm].celonis.cloud/swagger-ui/index.html?configUrl=/log/v3/api-docs/swagger-config

Once on the Swagger UI, follow these steps to test your API:

  1. Click Authorize.

  2. When using an OAuth client: Enter ‘Bearer’ followed by a space and then copy the client ID you obtained for the client. For example:

    Bearer XxxxxxAxxxxBxxxxCxxxXBBBBX

    When using an application key: Enter 'AppKey' followed by a space and then copy your application key from the earlier procedure. For example:

    AppKey XxxxxxAxxxxBxxxxCxxxXBBBB
  3. Click Authorize. Once authorization is successful, click Close.

  4. Expand the GET call for the API you want to test and click Try it out.

  5. Click Execute.


    You will now see the response from the API, including the header that shows the AppKey Token and the URL.