All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Filter the data for OKTA application

rashi83
Path Finder
‎04-08-2020 12:51 PM

Hi ,
On a standalone SH , we are pulling OKTA logs using OKTA Identity cloud app.
Need to filter events based on the email address . For example anything with *gmail.com should not be indexed.

Put props.conf and transforms .conf in location -
C:\Program Files\Splunk\etc\apps\TA-Okta_Identity_Cloud_for_Splunk\local

props.conf
[OktaIM2:log]
TRANSFORMS-set= setnull

transforms.conf
[setnull]
REGEX=gmail.com
DEST_KEY=queue
FORMAT=nullQueue

But still events are not getting filtered . Any suggestions?

0 Karma
Reply

to4kawa
Ultra Champion
‎04-08-2020 12:58 PM

Have you reboot splunk?

0 Karma
Reply

rashi83
Path Finder
‎04-08-2020 12:59 PM

Yes I did .

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...