
Jamf Protect and Splunk Integration Issues

btluynk

Hi team,

I'm trying to set up the integration between Jamf Protect and Splunk according to the steps provided in the following link:

Jamf Protect Documentation - Splunk Integration

When I follow the steps under the "Testing the Event Collector Token" heading, specifically the part that says "Using the values obtained in step 1, execute the following command:", I can see the logs sent from my local machine on the Splunk search head, but I can't see the JamfPro logs coming from other clients. However, I can see the logs when I use curl to send them.

Additionally, when I open tcpdump on the heavy forwarder to check the logs, I can see that the logs are being received, but I can't see them when searching. What could be the reason for this?

Furthermore, where can I check the error logs from the command line to examine any issues?

Thanks
