The Varonis DatAlert App for Splunk® enables integration with the Varonis DatAlert platform into Splunk Enterprise. Using the app's dashboards, you can locate notable Varonis alerts directly from the Splunk user interface and then drill down into Varonis DatAlert to get additional insight and the context in which the alert was generated. Additionally, the app includes field extractions that assist users in querying and visualizing Varonis alerts using Splunk Enterprise and enables the correlation of Varonis alerts with other events collected by Splunk Enterprise.

If you find any issues, use the app Splunk Answers forum or contact Varonis support.

Note: The Varonis Technology Add-On for Splunk must be installed in order for the App to pull data. Download here: https://splunkbase.splunk.com/app/4256