Troubleshooting the PingOne App for Splunk
See the following information for help troubleshooting the dashboards in the PingOne App for Splunk.
Why do some of the graphs not populate?
If there are no results returned within the selected time range given, the dashboard widget shows as blank. If this activity is limited to one widget, such as a table or chart, on a dashboard, this likely means there were no relevant events to populate the chart.
Why do the Event Detail charts have a count listed?
The data model collects aggregate data, which is used to populate the dashboards. Because the data collected are not raw log events, it’s possible for multiple matching events to be aggregated. As an example, if a user account was unlocked 3 times in a second by the same administrator, the count value would be 3.
How do the dashboard table fields translate from PingOne webhook JSON data?
In the PingOne App for Splunk prebuilt dashboards, the PingOne webhook JSON data translates to the following table headings.
| JSON Key | Field Name |
|---|---|
|
Action |
|
Description |
|
Status |
|
Client ID |
|
Environment ID |
|
Client Application |
|
Actor ID |
|
Actor |
|
Target Resource |
|
Action |
What does “N/A” mean when populated into a field such as Actor (actors.user.name)?
In this case, "N/A" means that no value was included with the event. For instance, if the activity was performed by a worker app instead of a user account, the corresponding event data would have an N/A value in the dashboard results.
Certain dashboards allow you to filter N/A values in the results. For the User Activity dashboard:
-
If Filter No Actor is set to
False, N/A values are displayed.
-
If Filter No Actor is set to
True, N/A values will be removed from the results.