PingFederate App Forwarded Events goto Splunk_Audit_Too_Small

New Member

Hi have a new install with a single Splunk server for evaluation.  I set up the universal forwarder and the Splunk service on Centos and updated the PingFederate to create the require splunk audit file.  I then configured the receiver and the sender to use the /opt/pf/pingfederate/log/splunk_audit.log


Entries started to flow from the forwarder to the Splunk indexer but all the PingFederate App panes show "waiting for input".  From the search I see the data event flowing but they all say Splunk_Audit_Too_Small

Any Tips how to fix this?



Labels (1)
Tags (1)
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!