This feature is in beta. Help us shape it.
Connect
- CLI
Run tero
Open your terminal and run:This opens the Tero TUI, which guides you through setup.
Don’t have the CLI installed? See the quickstart.
Log in to Tero
The TUI opens your browser to create an account or log in. Complete the flow in your browser, then confirm the code shown in your terminal. The TUI logs you in automatically.
Enter your Splunk URL
Enter your Splunk instance URL. For Splunk Cloud, this is
your-instance.splunkcloud.com. For Splunk Enterprise, it’s your self-hosted URL.Create an authentication token
The TUI asks for an authentication token. Splunk uses this to authenticate API requests.In Splunk, go to Settings → Tokens. Click New Token, select a user with the appropriate role (see Permissions), and set an expiration. Copy the token and paste it into the TUI.
Context
When you connect Splunk, Tero adds to your context graph. Your logs and services become connected and understood.Services
Your services and their relationships.
Log Events
Your logs compressed into semantic events Tero can reason about.
Actions
With write access, Tero can take action directly in Splunk:
Permissions
Splunk uses capabilities to control access. Create a role with the capabilities Tero needs, or use an existing role.| Role | What it gives Tero |
|---|---|
| admin | Full context and actions |
| power | Context only — you take action elsewhere |
| Custom | You decide — see below |
Custom role capabilities
Create a custom role if you need fine-grained control.Context (read)
Context (read)
| Capability | What Tero can do |
|---|---|
search | Search your logs |
list_inputs | List data inputs |
get_metadata | Read index metadata |
Actions (write)
Actions (write)
| Capability | What Tero can do |
|---|---|
list_ingest_rulesets | View ingest action rulesets |
edit_ingest_rulesets | Create and modify rulesets |
Start minimal and add capabilities later. Update the token’s role in Splunk and Tero picks up the changes automatically.