Ping Identity provides a custom Splunk App for PingAccess to process audit logs generated by a PingAccess deployment.
- Download and install Splunk.
Splunk is enterprise software that allows for monitoring, reporting, and analyzing consolidated log files. Splunk captures and indexes real-time data into a single searchable repository from which reports, graphs, and other data visualization can be generated.
The PingAccess Splunk App provides rich system monitoring and reporting, including:
- Current transaction and system reports
- Service reports such as a daily usage report and IdP and SP reports per connection
- Trend reports such as weekly and monthly usage reports, and trend analysis
The application uses a specially formatted version of the audit logs, which are written to the PingAccess log directory when the setup steps described below are followed.
Note: The Splunk App for PingAccess is available
separately. It requires enterprise-licensed (or trial) installation of the Splunk
software and the Splunk Universal Forwarder, which is needed to collect data from
the PingAccess Splunk audit logs. The application includes additional documentation
on installation and available features. Download the free application from Splunkbase.splunk.com by searching for
PingAccess.
Note: The PingAccess App for Splunk was designed
to use the default Splunk log pattern configuration. If you have changed the output
format of the Splunk rolling files, those changes can impact the functionality of
the PingAccess App for Splunk.