
How to configure the Splunk App for PingFederate?

jlemoine
Path Finder

I'm trying to configure the Splunk App for PingFederate, but there don't seem to be any step-by-step instructions out there, or any instructions really.

I've got the Ping servers stood up, configured properly, and indexed and searchable in Splunk. However, there is no data showing up in the PingFederate app. I can't find a way to sync/feed the indexes/logs into the app.

Does anyone know how to set up this app properly?

0 Karma
1 Solution

PirateJokes
Engager

Depending on where you are in your various installations, this
https://support.pingidentity.com/Configuring-PingFederate-with-Splunk (older)
and this
https://documentation.pingidentity.com/pingfederate/pf83/index.shtml#adminGuide/concept/writingAudit... (newer)
should get you pretty close depending on your version.

I also noticed the SecurityAudit2Splunk logger is commented out in the log4j2.xml, and no one seems to mention it.


0 Karma


jlemoine
Path Finder

Thank you for your comment and help.

We actually found out that editing the source XML on the various ping dashboards fixed most of our problems. When we opened the original dashboards that came packaged with the Ping app, none of them referenced any indexes, so we added the index for the Ping data into the XML, and many of the dashboards began to work.

Additionally, we discovered that making a copy of the savedsearches.conf file from the default app directory and putting it into the local directory, then adding the Ping indexes to the stanzas within the file fixed almost all of the rest of them.

0 Karma

TWiseOne
Path Finder

The reason it didn't work without "index=" is that the index(es) for PingFederate would not have been in the "Search by default" (srchIndexesDefault) setting in authorize.conf.

It may have been easier to allow the indexes you need to be searchable by default in authorize.conf; this would have negated all the additional work you had to do. This can also be done on a user basis if required.

0 Karma
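As an added example (not code from the app or from anyone in this thread), the following Python script checks the two conditions the replies above describe: whether each saved search in savedsearches.conf names an index explicitly, and if not, whether the role's srchIndexesDefault in authorize.conf would still route it to the PingFederate index. The conf text, stanza names, sourcetypes and the role name are constructed assumptions.

```python
import re
from configparser import ConfigParser

# Constructed sample conf text, labelled as such; not copied from the real app.
SAVEDSEARCHES_CONF = """
[PingFederate - Failed Logins]
search = sourcetype=pingfederate:audit status=failure | stats count by subject

[PingFederate - Requests by Adapter]
search = index=pingfederate sourcetype=pingfederate:audit | timechart count by adapter
"""
AUTHORIZE_CONF = """
[role_user]
srchIndexesAllowed = *
srchIndexesDefault = main
"""

# Matches an explicit index= term in SPL (quoted or bare, e.g. index="ping*").
INDEX_RE = re.compile(r'\bindex\s*=\s*"?([^\s"|]+)', re.IGNORECASE)

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}; keys keep their case."""
    cp = ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}

def default_indexes(authorize, role):
    """Indexes searched when a query names none (srchIndexesDefault, ';'-separated)."""
    return set(authorize.get(role, {}).get("srchIndexesDefault", "").split(";")) - {""}

def audit_saved_searches(saved, authorize, role, wanted_index):
    """Classify each saved search: does it reach wanted_index for this role?"""
    defaults = default_indexes(authorize, role)
    report = {}
    for name, keys in saved.items():
        m = INDEX_RE.search(keys.get("search", ""))
        if m:
            report[name] = "ok" if m.group(1) == wanted_index else "other-index"
        elif wanted_index in defaults:
            report[name] = "ok-via-default"   # fixed via authorize.conf instead
        else:
            report[name] = "missing-index"    # needs index= added to the stanza
    return report

def fix_search(search, index):
    """Prefix index=<name> only when the search names no index at all."""
    return search if INDEX_RE.search(search) else f"index={index} {search}"
```

Run it against a copy of the app's default/savedsearches.conf and your authorize.conf; anything reported as "missing-index" is a stanza to override in local/ (or cover through srchIndexesDefault), and the same regex check applies to the search strings inside the dashboard XML.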