Hi Team,

I have installed and utilizing the PingFederate application in our organization for few of our client servers. And now we want it to ingest the logs generated from these app into Splunk and utilize the Dashboards to view the statistics present in the Splunk Search head.

So I have installed PingFederate App for Splunk (https://splunkbase.splunk.com/app/976/) in our Splunk Search heads.

The PingFederate application are running in our client servers so I have logged into one of the client server where Ping Federate app has been installed and I can see that the Splunk Universal Forwarder (UF) has been already installed in the client server and it is reporting in Splunk.

So now I have navigated to the directory in which PingFederate is installed and I can see the version we are using for PingFederate is 10.2.1

PingFederate:

I have followed the documentation for PingFederate ( https://docs.pingidentity.com/bundle/pingfederate-93/page/qst1564002981075.html) and tried to setup in the client server.
But I can see in the documentation we are having 5 Logger elements and I am quite not sure which one should I need to uncomment and which RollingFile should I need to uncomment in the log4j2.xml file?

So kindly help on the same. And post uncommenting the required stanza should I need to restart the PingFederate service to consider into effect? Kindly help on the same.

And  if the log file is generated in the log directory then what index and sourcetype information should I need to use? So that the dashboards which is present in the app should work as expected for both the Apps?

Or if I missing out anything then kindly help to correct me on the same as well.