Getting Data In

Ping Federate Application into Splunk

anandhalagaras1
Communicator

Hi Team,

I have installed and utilizing the PingFederate application in our organization for few of our client servers. And now we want it to ingest the logs generated from these app into Splunk and utilize the Dashboards to view the statistics present in the Splunk Search head.

So I have installed PingFederate App for Splunk (https://splunkbase.splunk.com/app/976/) in our Splunk Search heads.

The PingFederate application are running in our client servers so I have logged into one of the client server where Ping Federate app has been installed and I can see that the Splunk Universal Forwarder (UF) has been already installed in the client server and it is reporting in Splunk.

So now I have navigated to the directory in which PingFederate is installed and I can see the version we are using for PingFederate is 10.2.1


PingFederate:


I have followed the documentation for PingFederate ( https://docs.pingidentity.com/bundle/pingfederate-93/page/qst1564002981075.html) and tried to setup in the client server.
But I can see in the documentation we are having 5 Logger elements and I am quite not sure which one should I need to uncomment and which RollingFile should I need to uncomment in the log4j2.xml file?

So kindly help on the same. And post uncommenting the required stanza should I need to restart the PingFederate service to consider into effect? Kindly help on the same.

And  if the log file is generated in the log directory then what index and sourcetype information should I need to use? So that the dashboards which is present in the app should work as expected for both the Apps?

Or if I missing out anything then kindly help to correct me on the same as well.

Labels (1)
0 Karma

anandhalagaras1
Communicator

Can anyone kindly check and reply me on the same.

0 Karma

anandhalagaras1
Communicator

Can anyone kindly to check and update me on the same.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...