Installing the App
- If this is your first time setting up the Lookout Splunk App, create an API Key:
- Log into the Lookout MES Console as an administrator.
- Select System > Application Keys.
- Click Generate an application key and enter a label for the key.
- Capture your generated key by clicking Click to Copy Application Key to Clipboard.This copies the key to your clipboard. This key is unique for the data in your tenant.
- Copy the key from your clipboard into a text file.Note:
IMPORTANT: Copy the key immediately, as you will not be able to see it again after this procedure. If you lose your key, you can generate a new one and delete the old one from the Application Keys module.
- Add the Lookout app to your Splunk installation:
- Log in to Splunk Enterprise.
- Click the Manage Apps gear icon in the upper-left:
- Click Browse more apps.
- Search for
Lookout Mobile Security
and install the Lookout Mobile Security Splunk App: - After installing, click Restart Now when prompted to complete installation.
- Configure the Lookout Splunk app:
- Launch the app from the left sidebar on the homepage, or the Apps dropdown on the top navigation bar.
- Click Continue to app setup page.
- Enter the following:
Field Value Splunk Username Your Splunk Enterprise administrator credentials. Splunk Password Enterprise Name Your company name.
Note:IMPORTANT: If you are already using the Lookout Splunk App, this value must exactly match the previous
ent
value listed in the key-value store under Datasets > kvstore_lookup.Lookout API Key Use the API Key you generated in Step 1.
Note:IMPORTANT: If you are already using the Lookout Splunk App, this value must exactly match the previous
application_key
value listed in the key-value store under Datasets > kvstore_lookup. - Click Submit.After saving the configuration settings, Splunk redirects you to the Search page where you can search indexed data.
You can review or modify this configuration by clicking Manage Tenant in the navigation menu.