QEHSQEHS
Book a demo

Integrations / Observability + SIEM

Splunk

SIEM audit log forwarder.

Observability + SIEMGenerally availableEnterprise only

Forward the immutable audit log stream to Splunk with HEC, per-tenant source type, and structured fields for search + alerting.

Book a demoTalk to sales

Capabilities

  • HEC forwarder
  • Per-tenant source type
  • Structured fields for SPL

Setup steps

  1. Enable the Splunk connector in Settings → Integrations.
  2. Copy the QEHS metadata URL and paste it into your IdP application.
  3. Map user attributes to the required QEHS claims.
  4. Test the connection with a sandbox user.
  5. Enable for all users and verify provisioning logs.

Other Observability + SIEM connectors

Datadog

Logs + metrics forwarder.

Sumo Logic

Hosted SIEM forwarder.

Elastic

Elastic audit log stream.

Every integration is auditable

HMAC-signed webhooks, OpenAPI 3.1, SDKs in every major language.

Integrations layer sits on top of the same audit log your security team already reviews, nothing bypasses the tenant boundary.

See all integrationsProduct overview