Hello all,
So after performing an upgrade of the Pingfederate app I'm not able to see any data being populated by the dashboards. The dynamic dropdown never gets to the point of loading anything to select. Attempting the searches in S&R does however yield results (albeit 0 for most of them which begs the question of whether or not it worked).
Has anyone been able to have success with this app. The documentation on it leaves a lot to be desired...
Finally had some time to troubleshoot this further and I've realized that our logs are not pulling in all of the events. Below are the 18 event types that I can search within Splunk. That's 18/76 eventtypes that come with the app that cannot be found. It also correlates with the only dashboards that seem to work. How would I go about fixing this issue? Is the app also supposed to exist on our indexers? Documentation says search center only.
am.password.change.failure
am.password.change.success
idp.access.authnattempt.failure
idp.access.authnattempt.inprogress
idp.access.authnattempt.success
idp.access.slo.failure
idp.access.slo.success
idp.access.sso.failure
idp.access.sso.success
idp.access.sts.failure
idp.access.sts.success
oauth.request.issue.failure
oauth.request.authorize.success
oauth.request.issue.success
oauth.request.authorize.failure
sp.access.sts.failure
sp.access.sts.success
sp.access.authnrequest.inprogress
Unfortunately we haven't heard similar reports about such an issue from other customers, nor have we run into that in our test labs.
I think we'd need more details about your environment to better assist. What I'd recommend is that you open a support case directly with our customer support team and they'd be able to dig in. You can do so at: https://support.pingidentity.com/
Thanks!
Finally had some time to troubleshoot this further and I've realized that our logs are not pulling in all of the events. Below are the 18 event types that I can search within Splunk. That's 18/76 eventtypes that come with the app that cannot be found. It also correlates with the only dashboards that seem to work. How would I go about fixing this issue? Is the app also supposed to exist on our indexers? Documentation says search center only.
am.password.change.failure
am.password.change.success
idp.access.authnattempt.failure
idp.access.authnattempt.inprogress
idp.access.authnattempt.success
idp.access.slo.failure
idp.access.slo.success
idp.access.sso.failure
idp.access.sso.success
idp.access.sts.failure
idp.access.sts.success
oauth.request.issue.failure
oauth.request.authorize.success
oauth.request.issue.success
oauth.request.authorize.failure
sp.access.sts.failure
sp.access.sts.success
sp.access.authnrequest.inprogress