All Apps and Add-ons

Duo Splunk Connector: Why does the app not update the index on dashboard when a different index is configured?

rajshahcme
Engager

When configuring the Duo Splunk Connector App, if an index other than "duo" is selected, the dashboard do not utilize the selected index for the searches. The proper way to do this would be for the app to use a macro based on the selected to populate "index=" in the search. Can the app be updated to use this functionality so that every search on the dashboard does not need to reconfigured?

0 Karma
1 Solution

duosec
Explorer

Hey rajshahcme,

I just wanted to you to know that I've added this update to our code and it will be in the next release! I'll be sure to reach out to you when that happens but it should be in a few days.

View solution in original post

duosec
Explorer

Hey rajshahcme,

I just wanted to you to know that I've added this update to our code and it will be in the next release! I'll be sure to reach out to you when that happens but it should be in a few days.

View solution in original post

rajshahcme
Engager

Awesome, glad to hear!

0 Karma

duosec
Explorer

Hey rajshahcme,

The app has been updated on Splunkbase to v1.1 with macro support. The macro can be found in the defaults/macros.conf file or can be changed through the web interface.

duosec
Explorer

This is Jamie from Duo here. Feel free to send over any suggestions like mmodestino_splunk mentioned. An example of what you're looking for would definitely help speed up any changes you'd like to see.

0 Karma

mattymo
Splunk Employee
Splunk Employee

Thanks for the Support Jamie!

0 Karma

mattymo
Splunk Employee
Splunk Employee

Hey rajshahcme!

The doc link on splunkbase point to https://duo.com/docs/splunkapp and at the bottom of the page it looks like DUO listed a support address support@duosecurity.com

I recommend making the changes you would like to see in the app and sending them over to them for fastest results.

Hopefully they monitor for questions here, but in case they don't you could probably get their attention pretty quick directly.

Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!