Hi Team,

I have installed PingAccess (https://splunkbase.splunk.com/app/5368/) and PingFederate (https://splunkbase.splunk.com/app/976/) app in our Splunk Search head and based on this below mentioned documentation we have edited the log4j2.xml file in the client machines where pingaccess and pingfederate app has been installed.  post which I can see a huge amount of files log files got generated in /log directory and I have ingested all the log files into Splunk.

Documentation Link:

https://docs.pingidentity.com/bundle/pingfederate-102/page/qst1564002981075.html 

https://docs.pingidentity.com/bundle/pingaccess-62/page/gyx1564006725145.html 

But when I navigated to the app and I couldn't able to see any data in the dashboard ? And it is showing as no results and search is waiting for inputs. So do i need to configure additional things to reflect in the dashboard? Since in both the apps I couldnt able to see any data getting populated so kindly help on the same.

FYI. I have ingested all the log files using an index as main and for all the logs from pingaccess i used the sourcetype as pingaccess and for all the log files from pingfederate i used the index as main and sourcetype as pingfederate. And the logs from pingconsole i used the index as main and sourcetype as pingconsole.

So am i missing anything in the configuration kindly let me know since I want the dashboard to work as expected.