Splunk Cloud Platform

Is there a version of MobileIron Cloud App for Splunk Cloud?

gcusello
SplunkTrust
SplunkTrust

Hi at all,

I have to take logs from MobileIron Cloud into Splunk Cloud.

I download the MobileIron Cloud App, but it is only for Splunk On premise and it doesn't pass the check on Splunk Cloud.

Does anybody know if there's a version of this app for Splunk Cloud or where searching a solution?

Thanks.

Giuseppe

Labels (1)
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi at all,

there isn't any App for MobileIron Cloud available for Splunk Cloud.

The app downloadable from the MobileIron downaload site is compatible only with Splunk Enterprise because it contains some script to extract MobileIron data that aren't acceptable for Splunk Cloud.

The only way to index MobileIron data is to have an Heavy Forwarder used as a bridge system to install this app to extract MobileIron Cloud data and send to Splunk.

I hope that MobileIron developers will solve this gap for their users.

In the meantime, I customized the available app to make it compatible with Splunk Cloud excluding all the ingestion features and leaving only the dashboards and parsing.

Ciao.

Giuseppe

View solution in original post

Roy_9
Motivator

@gcusello Hi

looks like mobile iron sentry addon supports splunk cloud, coming to Mobileiron app i can see it just supports Soar on prem and soar cloud.

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Roy_9,

yes I saw App for Sentry, that's a mobileIron's module but it isn't the core product.

I'm asking to Ivanti Support (MobileIron was bought by Ivanti) but I'm not receiving any information.

There could be a porkaround that I'd like to avoid: to install the MobileIron App on an Heavy Forwarder on Premise (eventually on the private Cloud of the Customer) and send data to Splunk Cloud where I'll install a subset of the MobileIron App (only Dashboards and knowledge objects), but this is for me the last solution.

Ciao.

Giuseppe

 

gcusello
SplunkTrust
SplunkTrust

Hi at all,

there isn't any App for MobileIron Cloud available for Splunk Cloud.

The app downloadable from the MobileIron downaload site is compatible only with Splunk Enterprise because it contains some script to extract MobileIron data that aren't acceptable for Splunk Cloud.

The only way to index MobileIron data is to have an Heavy Forwarder used as a bridge system to install this app to extract MobileIron Cloud data and send to Splunk.

I hope that MobileIron developers will solve this gap for their users.

In the meantime, I customized the available app to make it compatible with Splunk Cloud excluding all the ingestion features and leaving only the dashboards and parsing.

Ciao.

Giuseppe

jbueso
Path Finder

Hi Giuseppe

f I understand correctly, the option is to install addon and app in the heavy forwarder and then forward from the heavy forwarder the data back to splunk cloud, is that right?

Or with your app is it possible to receive in a heavy forwarder with the addon and then just forward the data to splunk cloud?

Could you share your customized app?  

Thanks in advance !

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @jbueso,

there isn't any Add-On only the App (downalodable from the Mobileiron site) to install on the Heavy Forwarder to enable data inputs.

The HF will forward logs to Splunk Cloud.

The App for Splunk Cloud is the same without all the scripts that block the upload.

In few words, fromthe MobileIron app I took only dashboards and knowledge objects, removing all the Data inputs.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...