
Stream Every Files.com File-Activity Event Into Splunk

Files.com keeps a record of everything that happens to your files — every login, upload, download, permission change, and automation run. This integration sends that record straight into Splunk as it happens, so file activity shows up in the same searches your security team already runs against the rest of their data.


Why Teams Stream Files.com Into Splunk

Your security team already sends firewall, endpoint, cloud, and application logs into Splunk. File movement is usually the gap — partner SFTP sessions and transfers of regulated data happen inside the file platform, where Splunk can't see them. Files.com closes that gap by sending its own activity into Splunk, so file activity lines up next to everything else.

File Activity in the Same Search

Files.com sends a record of every login, upload, download, permission change, automation run, and API call to Splunk the moment it happens. Your security team sees who did what to your files right in Splunk, next to everything else they watch — instead of piecing it together after something goes wrong.

Sends Straight to Splunk

Files.com sends events directly into Splunk through its HTTP Event Collector — the path Splunk is built to receive on. Nothing extra to install in between, and nothing extra to keep running.

You Choose Which Logs Flow

Everything streams by default. If you only want some of it, pick what each Splunk instance gets — settings changes to one place, SFTP sessions to another.

A Tamper-Proof Record Behind the Stream

The events come from the Files.com audit log, which can't be edited and is kept for 7+ years. Splunk does the searching and alerting; Files.com holds the original, trustworthy record every event came from.

Works With Splunk Enterprise and Splunk Cloud

The same setup sends to Splunk running on your own servers and to Splunk Cloud. The only thing that changes is the address you paste in.

The Control Splunk Watches but Doesn't Provide

Splunk reads the events; it doesn't decide who can touch which files or keep the record of what they did. Files.com does that part — access folder by folder, every action written to a record that can't be changed, and the same company logins your team already uses. That record is exactly what gets sent to Splunk.

Give People Access to Only Their Folders

Hand each team, project, or person the exact folders they need. The person you see in a Splunk search is the same account Files.com controls access for.

A Record of Everything That Happens

Every login, upload, download, and permission change is written to a record that can’t be altered and is kept for 7+ years — the same record each event sent to Splunk traces back to.

The Same Logins Your Company Already Uses

People sign in with your company login through SSO, SAML, and SCIM. When someone leaves, you cut their file access in one place.

Delivery That's Encrypted and Logged

The stream to Splunk is encrypted and authenticated with a token. Files.com also logs the act of sending, so if a delivery fails you can see it and look into it.

Connect Splunk the Way That Fits Your Workload

Live Stream Into Splunk

The main way most teams use this. Files.com sends each event into Splunk the moment it happens, so you can watch, correlate, and alert in real time. This is an Enterprise-plan feature; it isn't on Starter or Power.

Drop Log Files in a Folder

Instead of a live stream, Files.com can write log files to a folder on a schedule you set, from every 5 minutes up to every 6 hours. Useful when Splunk ingests in batches, when the network is locked down, or when you want a long-term archive alongside the live feed.

What Teams Build With Splunk on Files.com

Catch Someone Pulling Too Many Files

Someone downloads far more files than usual over SFTP. Files.com sends each download to Splunk as it happens, so a Splunk rule can alert on it right next to the endpoint and network activity already on the dashboard — one place to look, not several.

Answer "What Did They Take?"

After a suspected breach, your team searches Splunk for every file the account touched — uploads, downloads, links it opened, permissions it changed — instead of rebuilding the story from raw network captures. Every event traces back to the tamper-proof record.

Watch Your Partner Transfers

Partner SFTP sessions show up in Splunk. Your ops team can build dashboards on which transfers succeed, which logins fail, and which connections drop — and get alerted when a partner's nightly batch stops arriving.

Catch a Security Setting Being Changed

Every setting change — including turning MFA on or off — shows up in Splunk as it happens. So if a security control gets changed when it shouldn't, you get an alert that day instead of finding out at the next audit.

Files.com Features That Pair With Splunk

Audit Log

The 7+ year record that can't be altered — the trustworthy source every event sent to Splunk comes from.


Automations & Workflows

Every automation run is an event you can watch and alert on in Splunk — so a job that breaks shows up instead of failing quietly.


Compliance Reporting

The same trustworthy record feeding Splunk is the evidence a SOC 2, HIPAA, or GDPR review asks for.


Frequently Asked: Splunk on Files.com

What buyers ask about how Files.com connects to Splunk, what it costs, and what the integration actually does.

See Files.com Stream Into Your Splunk

Start a free 7-day trial. Drop in your HEC token, send a test event, and watch file activity land in your Splunk search. No credit card required.
