...
The Data Theorem Splunk application is a private Splunk App distributed by Data Theorem, Inc. for API Security that automates log analysis. It searches Web CIM events and is designed to analyze Splunk logs for API attacks, API abuses, and API threats. It analyzes events as defined by the Splunk Common Information Model (CIM) add-on and sends the resulting access-log events to Data Theorem for analysis. All customer data stays "On-Prem" or in your cloud; only the metadata on events is shown on the Data Theorem portal. The data flow diagram is below:
System Requirements
Splunk Enterprise version 9.x (Python 3.9 recommended)
Supported Operating System Requirements
Linux
Architecture:
x86_64
Dependencies
Supported Splunk Deployment Types
Standalone deployment: The app can be deployed in a standalone Splunk instance, where Splunk performs both the search head and indexer roles.
Distributed deployment: In a distributed setup, where the search head is separate from the indexers, ensure the app is deployed on the search head, since the search head runs the scheduled queries.
...
The Data Theorem Splunk App searches and analyzes only indexes containing Web CIM data, and uses only the fields from the Web CIM model listed below. The Web CIM fields contain metadata about requests, similar to the information in an nginx or other web server access log. Because only defined fields from indexed Web CIM logs are used, there is minimal risk of accidental disclosure of sensitive data.
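The data-minimization point above, shown as an added example. This is illustration code, not the Data Theorem app's own code: the allowlist of Web CIM fields, the `tag=web` search, and the sample events are all assumptions made here (the app's actual field list is the one published in its documentation). The example projects each raw Web CIM event onto the allowlist, reports which fields were stripped, and refuses to build a batch if anything outside the allowlist would leave the search head.

```python
"""Added example (not the Data Theorem app's code): restrict Splunk Web CIM
events to an allowlist of metadata fields before they are exported.

The allowlist and the sample events below are assumptions for illustration.
"""

# Assumed allowlist of Web CIM fields (illustrative, not the app's list).
# uri_query, cookie and the raw event are deliberately left out: query
# strings, cookies and raw lines are where tokens and credentials tend to land.
WEB_CIM_ALLOWLIST = frozenset({
    "_time", "src", "dest", "dest_port", "http_method", "status",
    "uri_path", "http_user_agent", "bytes_in", "bytes_out", "response_time",
})

# Constructed sample events in the shape Splunk returns Web CIM data,
# including fields that must never be exported.
SAMPLE_EVENTS = [
    {
        "_time": "2024-01-01T00:00:00Z", "src": "10.0.0.5",
        "dest": "api.example.com", "dest_port": 443, "http_method": "GET",
        "uri_path": "/v1/users/42", "uri_query": "token=abc123",
        "status": 200, "http_user_agent": "curl/8.0",
        "cookie": "session=deadbeef", "bytes_in": 120, "bytes_out": 980,
        "response_time": 35,
        "_raw": '10.0.0.5 - - "GET /v1/users/42?token=abc123" 200 980',
    },
    {
        "_time": "2024-01-01T00:00:01Z", "src": "10.0.0.6",
        "dest": "api.example.com", "dest_port": 443, "http_method": "POST",
        "uri_path": "/v1/login", "status": 401,
        "http_user_agent": "python-requests/2.31",
        "form_data": "user=alice&password=hunter2",
        "bytes_in": 310, "bytes_out": 150, "response_time": 12,
    },
]


def project_event(event, allowlist=WEB_CIM_ALLOWLIST):
    """Keep only the allowlisted fields of one event."""
    return {k: v for k, v in event.items() if k in allowlist}


def stripped_fields(event, allowlist=WEB_CIM_ALLOWLIST):
    """Names of the fields that projection removes, for an audit log."""
    return sorted(k for k in event if k not in allowlist)


def prepare_batch(events, allowlist=WEB_CIM_ALLOWLIST):
    """Project every event and verify nothing outside the allowlist survives.

    The check is redundant with project_event today; it is the guard that
    fails loudly if a later refactor starts passing events through unfiltered.
    """
    batch = [project_event(e, allowlist) for e in events]
    extra = {k for e in batch for k in e} - set(allowlist)
    if extra:
        raise ValueError(f"fields outside allowlist would be sent: {sorted(extra)}")
    return batch


def build_spl(allowlist=WEB_CIM_ALLOWLIST, index="web"):
    """Assumed scheduled search: Web CIM events carry tag=web, and the
    `fields` command drops everything that is not on the allowlist at
    search time, so the raw line never reaches the export step."""
    return f"index={index} tag=web | fields {', '.join(sorted(allowlist))}"


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        print("stripped:", stripped_fields(raw))
    print(prepare_batch(SAMPLE_EVENTS))
    print(build_spl())
```

Running the block prints the stripped field names for each event (`_raw`, `cookie`, `uri_query` for the first, `form_data` for the second), the projected batch, and the assumed search string. Filtering in the search itself, not only in the export code, is the point: the fewer raw fields the scheduled search returns, the less there is to leak if the export path is ever changed.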
...
Download the Data Theorem Splunk App from the Data Theorem portal
Copy the Data Theorem API Key
Install the app on the Splunk deployment
When prompted, paste the API Key from the Data Theorem portal
...