Hi, I have a new install with a single Splunk server for evaluation. I set up the universal forwarder and the Splunk service on CentOS and updated PingFederate to create the required Splunk audit file. I then configured the receiver and the sender to use /opt/pf/pingfederate/log/splunk_audit.log. Entries started to flow from the forwarder to the Splunk indexer, but all the PingFederate App panes show "waiting for input". From the search I see the data events flowing, but they all say Splunk_Audit_Too_Small. Any tips on how to fix this? Thanks!