Integrate Splunk® and AbuseIPDB®
- Eric Jorgensen
- Aug 1
- 1 min read
In this example, I'll show you how you can quickly and flexibly integrate your Splunk® with the AbuseIPDB API.
This is not intended to replace the official Splunkbase app (https://splunkbase.splunk.com/app/7040), but to supplement the functionality it provides.
Dataflect gives you more flexible access to the API, so you can integrate the AbuseIPDB® capability set into Splunk more seamlessly.
Use dfsearch to search for a report on a specific IP
| dfsearch url=https://api.abuseipdb.com/api/v2/check credential=abuseipdb parameters="ipAddress=8.8.8.8"

Create a Splunk® custom search command to look up a specific IP


Use dfenrich to enrich your logs with information returned from the AbuseIPDB API

Use dfsearch to pull the AbuseIPDB Blacklist with a minimum confidence score
Here we query the AbuseIPDB Blacklist using dfsearch. We could then output these results to a lookup and use them in correlation searches or other monitoring.
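As an added example (not code from the original post or from Dataflect), the Python below shows what the two dfsearch calls above do underneath: build the AbuseIPDB v2 GET request, flatten a /check response into Splunk-friendly fields, and turn a /blacklist response into lookup CSV filtered by confidence score. The /api/v2/blacklist endpoint, the confidenceMinimum and maxAgeInDays parameters and the Key header come from AbuseIPDB's public API documentation rather than this page; the sample response bodies are constructed.

```python
import csv
import io
import json
import urllib.parse
import urllib.request

ABUSEIPDB_BASE = "https://api.abuseipdb.com/api/v2"

# /check response fields worth carrying into a Splunk event; the rest is noise for SOC use.
CHECK_FIELDS = ("ipAddress", "abuseConfidenceScore", "countryCode", "usageType", "isp",
                "domain", "totalReports", "numDistinctUsers", "lastReportedAt")

def build_request(endpoint, api_key, **params):
    """Build the GET request that the dfsearch call issues for us: AbuseIPDB v2
    expects the API key in a 'Key' header and the parameters in the query string."""
    url = f"{ABUSEIPDB_BASE}/{endpoint}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, headers={"Key": api_key, "Accept": "application/json"})

def flatten_check(response_json):
    """Reduce a /check response body to the flat fields a Splunk event can carry."""
    data = json.loads(response_json)["data"]
    return {field: data.get(field) for field in CHECK_FIELDS}

def blacklist_to_lookup(response_json, confidence_minimum=90):
    """Turn a /blacklist response body into CSV text for a Splunk lookup table.
    The API filters by confidenceMinimum server-side; re-checking the score here keeps
    the lookup correct even if a cached or older response is fed in."""
    entries = json.loads(response_json)["data"]
    rows = [e for e in entries if e["abuseConfidenceScore"] >= confidence_minimum]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["ipAddress", "abuseConfidenceScore", "lastReportedAt"],
                            extrasaction="ignore")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed sample bodies in the shape AbuseIPDB v2 returns; values are illustrative, not real lookups.
SAMPLE_CHECK = json.dumps({"data": {
    "ipAddress": "8.8.8.8", "isPublic": True, "ipVersion": 4, "isWhitelisted": True,
    "abuseConfidenceScore": 0, "countryCode": "US", "usageType": "Data Center/Web Hosting/Transit",
    "isp": "Google LLC", "domain": "google.com", "totalReports": 0, "numDistinctUsers": 0, "lastReportedAt": None}})
SAMPLE_BLACKLIST = json.dumps({"meta": {"generatedAt": "2024-08-01T00:00:00+00:00"}, "data": [
    {"ipAddress": "198.51.100.7", "abuseConfidenceScore": 100, "lastReportedAt": "2024-07-31T23:10:00+00:00"},
    {"ipAddress": "203.0.113.9", "abuseConfidenceScore": 75, "lastReportedAt": "2024-07-30T08:00:00+00:00"}]})

if __name__ == "__main__":
    # Offline demo; a live run would pass build_request(...) to urllib.request.urlopen().
    print(flatten_check(SAMPLE_CHECK))
    print(blacklist_to_lookup(SAMPLE_BLACKLIST, confidence_minimum=90))
```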

Hopefully these examples help to demonstrate how easy it is to integrate Splunk® with AbuseIPDB using Dataflect. The possibilities are limitless.
Reach out to us at sales@dataflect.com if you want help implementing any use cases with AbuseIPDB that aren't discussed here!