Does anyone have an idea how to use Splunk for monitoring SiteMinder in your environment? Also, how do we search for errors in smps.log and the smaccess.log?
Not to ask another question, but have you looked at the CA SiteMinder App?
https://splunkbase.splunk.com/app/842/
I have not investigated it completely, but I am just now taking a peek at how to look at our logs.
Also, do you have the data indexed at the moment, and have you created your field extractions?