# Splunk Integration
[The Splunk](https://www.splunk.com/) integration captures alerts from scheduled searches or log monitors and delivers them to on-call responders via ilert. By forwarding relevant technical alerts, your team can rapidly investigate critical events and reduce time to resolution based on log context.
## In ilert: Create a Splunk alert source
1. Go to **Alert sources** --> **Alert sources** and click on **Create new alert source**
2. Search for **Splunk** in the search field, click on the Splunk tile and click on **Next**.
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.
5. Select you [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.
6. The next page show additional settings such as customer alert templates or notification prioritiy. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.
## In Splunk: Create a search
1. Go to Splunk and then to **Search & Reporting.** Create a search for which you’d like to create an alert.
2. Click on **Save As** and then on **Alert** to add an alert
3. On the modal window name the alert e.g. **iLert,** choose **Webhook** in the **When triggered** section and **\*\*paste the** Webhook URL **that you generated in ilert and click on** Save\*\*
4. Finished! Your Splunk alerts will now create alerts in ilert.
## FAQ
**Will alerts in ilert be resolved automatically?**
No, unfortunately Splunk alerts do not fire resolve events.
**Can I connect Splunk with multiple alert sources from ilert?**
Yes, simply create more action sequences in Splunk.
