PingFederate App Forwarded Events goto Splunk_Audi...

Reporting

Hi have a new install with a single Splunk server for evaluation. I set up the universal forwarder and the Splunk service on Centos and updated the PingFederate to create the require splunk audit file. I then configured the receiver and the sender to use the /opt/pf/pingfederate/log/splunk_audit.log

Entries started to flow from the forwarder to the Splunk indexer but all the PingFederate App panes show "waiting for input". From the search I see the data event flowing but they all say Splunk_Audit_Too_Small

Any Tips how to fix this?

Thanks!

never-displayed

Additional options

Associated Products

PingFederate App Forwarded Events goto Splunk_Audit_Too_Small

data model

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

PingFederate App Forwarded Events goto Splunk_Audit_Too_Small

data model

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >