Hi at all,
I have to take logs from MobileIron Cloud into Splunk Cloud.
I download the MobileIron Cloud App, but it is only for Splunk On premise and it doesn't pass the check on Splunk Cloud.
Does anybody know if there's a version of this app for Splunk Cloud or where searching a solution?
Thanks.
Giuseppe
Hi at all,
there isn't any App for MobileIron Cloud available for Splunk Cloud.
The app downloadable from the MobileIron downaload site is compatible only with Splunk Enterprise because it contains some script to extract MobileIron data that aren't acceptable for Splunk Cloud.
The only way to index MobileIron data is to have an Heavy Forwarder used as a bridge system to install this app to extract MobileIron Cloud data and send to Splunk.
I hope that MobileIron developers will solve this gap for their users.
In the meantime, I customized the available app to make it compatible with Splunk Cloud excluding all the ingestion features and leaving only the dashboards and parsing.
Ciao.
Giuseppe
@gcusello Hi
looks like mobile iron sentry addon supports splunk cloud, coming to Mobileiron app i can see it just supports Soar on prem and soar cloud.
Hi @Roy_9,
yes I saw App for Sentry, that's a mobileIron's module but it isn't the core product.
I'm asking to Ivanti Support (MobileIron was bought by Ivanti) but I'm not receiving any information.
There could be a porkaround that I'd like to avoid: to install the MobileIron App on an Heavy Forwarder on Premise (eventually on the private Cloud of the Customer) and send data to Splunk Cloud where I'll install a subset of the MobileIron App (only Dashboards and knowledge objects), but this is for me the last solution.
Ciao.
Giuseppe
Hi at all,
there isn't any App for MobileIron Cloud available for Splunk Cloud.
The app downloadable from the MobileIron downaload site is compatible only with Splunk Enterprise because it contains some script to extract MobileIron data that aren't acceptable for Splunk Cloud.
The only way to index MobileIron data is to have an Heavy Forwarder used as a bridge system to install this app to extract MobileIron Cloud data and send to Splunk.
I hope that MobileIron developers will solve this gap for their users.
In the meantime, I customized the available app to make it compatible with Splunk Cloud excluding all the ingestion features and leaving only the dashboards and parsing.
Ciao.
Giuseppe
Hi Giuseppe
f I understand correctly, the option is to install addon and app in the heavy forwarder and then forward from the heavy forwarder the data back to splunk cloud, is that right?
Or with your app is it possible to receive in a heavy forwarder with the addon and then just forward the data to splunk cloud?
Could you share your customized app?
Thanks in advance !
Hi @jbueso,
there isn't any Add-On only the App (downalodable from the Mobileiron site) to install on the Heavy Forwarder to enable data inputs.
The HF will forward logs to Splunk Cloud.
The App for Splunk Cloud is the same without all the scripts that block the upload.
In few words, fromthe MobileIron app I took only dashboards and knowledge objects, removing all the Data inputs.
Ciao.
Giuseppe