Hi Team,

I have installed and utilizing the PingAccess application in our organization for few of our client servers. And now we want it to ingest the logs generated from these app into Splunk and utilize the Dashboards to view the statistics present in the Splunk Search head.

So I have installed PingAccess App for Splunk (https://splunkbase.splunk.com/app/5368/) in our Splunk Search heads.

The PingAccess application are running in our client servers so I have logged into one of the client server where Ping Access app has been installed and I can see that the Splunk Universal Forwarder (UF) has been already installed in the client server and it is reporting in Splunk.

So now I have navigated to the directory in which PingAccess is installed and I can see the version we are using for PingAccess is 6.2.0

Ping Access:
So as per the documentation provided I have (https://docs.pingidentity.com/bundle/pingaccess-63/page/gyx1564006725145.html) followed the steps i.e. edited the log4j2.xml file and uncommented the below lines from the Stanza.

<AppenderRef ref="ApiAudit2Splunk"/>
<AppenderRef ref="EngineAudit2Splunk"/>
<AppenderRef ref="AgentAudit2Splunk"/>

But in the xml file I couldn’t able to find the below lines as mentioned in the document?

<AppenderRef ref="SidebandClientAudit2Splunk"/>
<AppenderRef ref="SidebandAudit2Splunk"/>

So what should I need to do if these lines are missing in the xml file? Shall I skip it or should I need to include it? Kindly help on the same please.

And post performing the steps do I need to restart the PingAccess service so that the respective log files would be generated in the log directory? Kindly confirm on this part as well.

And if the log file is generated in their respective directory then I believe we need to ingest the below mentioned log files into Splunk and we already have the setup (Splunk universal forwarder) running in the server so we can just go ahead and use any of the index and sourcetype information or do we have anything specific index name along with sourcetype (For PingAccess App) which need to be created in Splunk and use them to ingest the logs ? Kindly confirm on the same as well. (Since we want the dashboards installed in the Splunk Search head should be showing up the statistics).

• pingaccess_engine_audit_splunk.log
• pingaccess_api_audit_splunk.log
• pingaccess_agent_audit_splunk.log

So kindly help me on my query..