We use Splunk on-prem and we also have Dynatrace SaaS. Dynatrace recently released the ability to access the audit logs via their API. I would really like to get these logs into Splunk. I am trying to figure out if there is anything within Splunk that provides the ability to "pull" these logs.
Has anyone accomplished this?
I am using the Splunk REST API App (paid) https://splunkbase.splunk.com/app/1546/
There you're able to write your own REST API call and import it into Splunk.
Thanks! I decided to just use the Splunk Add-On Builder to make my own app to do it. We will see how that goes.
FYI... Kinda what I thought. These apps can't read the new audit logs. No option for that with the current version.
@larryleeroberts
Have you tried these apps?
Dynatrace Add-on for Splunk (https://splunkbase.splunk.com/app/3969/)
Dynatrace App for Splunk (https://splunkbase.splunk.com/app/4040/)
The Dynatrace app for Splunk collects via the Dynatrace API:
https://splunkbase.splunk.com/app/4040/
I knew it collected metrics, but not the logs. I will give it a try - Thank you! Very much appreciated.
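For the "write your own REST call" route discussed in this thread, here is an added example (not posted by anyone above, and not code from Splunk or Dynatrace) of a pull script that pages through the audit log API and builds a Splunk HTTP Event Collector batch without re-sending entries already forwarded. It assumes the Dynatrace Environment API v2 audit log endpoint with its `nextPageKey` paging and a token with the `auditLogs.read` scope; the function names, the `dynatrace:audit` sourcetype and the checkpoint format are hypothetical.

```python
import json
import urllib.parse
import urllib.request

AUDIT_PATH = "/api/v2/auditlogs"  # assumed: Dynatrace Environment API v2 endpoint

def http_get_page(base_url, token, params):
    """GET one page of audit logs (token needs the auditLogs.read scope)."""
    url = base_url.rstrip("/") + AUDIT_PATH + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": "Api-Token " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def pull_audit_logs(get_page, since_ms):
    """Yield entries oldest first from since_ms on, following nextPageKey."""
    params = {"from": str(since_ms), "sort": "timestamp", "pageSize": "1000"}
    while True:
        page = get_page(params)
        yield from page.get("auditLogs", [])
        key = page.get("nextPageKey")
        if not key:
            return
        params = {"nextPageKey": key}  # follow-up pages send the key alone

def to_hec_payload(entries, checkpoint, sourcetype="dynatrace:audit"):
    """Return (HEC batch body, new checkpoint).

    checkpoint is (last_ms, logIds already sent at last_ms), so entries that
    share the last millisecond are neither lost nor sent twice.
    """
    last_ms, ids = checkpoint[0], set(checkpoint[1])
    lines = []
    for e in entries:
        ts, log_id = e["timestamp"], e["logId"]
        if ts < last_ms or (ts == last_ms and log_id in ids):
            continue  # forwarded on an earlier run
        if ts > last_ms:
            last_ms, ids = ts, set()
        ids.add(log_id)
        event = {"time": ts / 1000.0, "sourcetype": sourcetype, "event": e}
        lines.append(json.dumps(event, sort_keys=True))
    return "\n".join(lines), (last_ms, sorted(ids))

def send_to_hec(hec_url, hec_token, payload):
    """POST the batch to Splunk HEC, e.g. https://host:8088/services/collector/event."""
    req = urllib.request.Request(hec_url, data=payload.encode(),
                                 headers={"Authorization": "Splunk " + hec_token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status
```

Persist the returned checkpoint only after `send_to_hec` returns 200, so a failed delivery is retried on the next run instead of leaving a gap in the audit trail.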