PingOne

Installing the PingOne App for Splunk

The PingOne App for Splunk correlates your PingOne data into a meaningful dashboard. The app allows you to create custom dashboards and reporting, monitor activity data, and analyze event data over time.

Before you begin

You must:

  • Have a Splunk administrator account.

  • Create a webhook to send your PingOne data to your Splunk instance. We recommend collecting the data in index=pingone so that the data model attached to the PingOne App for Splunk will automatically pick up the data.

    • Create a data input in Splunk to receive the webhook data from PingOne. In Splunk, click Settings → Data inputs.

    • For HTTP Event Collector, click +Add new. Send the data to index=pingone. Make sure to copy the token provided by Splunk. For more information, refer to the Splunk HTTP Event Collector documentation.

      A screen capture of the Splunk Index page with

      To use a different index, refer to step 2 below to configure the PingOne App for Splunk to capture webhook data stored in other indexes.

    • Create the webhook in PingOne and add a custom header, where you can enter the token provided by Splunk when you created the HTTP Event Collector input.

  • Download the PingOne App for Splunk package in Splunkbase. Search for pingone in Splunkbase to find the file.

About this task

To install the PingOne App for Splunk:

Steps

  1. Sign on to Splunk and install the PingOne App for Splunk.

    1. Click Apps → Manage Apps.

    2. Click Install app from file.

      A screen capture of the Splunk Apps page with a red box around the Install app from file button.

    3. To upload the PingOne App for Splunk package file, click Browse, select the file, and then click Upload.

      A screen capture of the Install App From File page in Splunk.

  2. If your data is not in index=pingone, modify the macro to point to your data:

    1. Click Settings → All configurations.

      A screen capture of the Splunk Settings menu with a red box around All configurations.

    2. For the App field, filter on PingOne App for Splunk configurations and select the PingOne_data macro.

      A screen capture of the Splunk All configurations page filtered on PingOne App For Splunk with a red box around the PingOne_data macro.

    3. To point the macro to your data, enter your index in the Definition box.

      The default is index=pingone. Below is an example definition.

      A screen capture of an example index in the Definition box.

  3. Optional: Accelerate your data model to make a summary index of PingOne data.

    The summary index results in more efficient population of the dashboards and allows you to populate the tables over larger time ranges.

    1. Go to Settings → Data models.

      A screen capture of the Splunk Settings menu with a red box around Data mdoels.

    2. Click Edit → Edit Acceleration for the PingOne data model.

      A screen capture of the Splunk Data Models page for the PingOne data model with the Edit menu open and a red box around Edit Acceleration.

    3. In the Edit Acceleration window, select the Accelerate check box.

    4. Select a Summary Range. Click Save.

      The dashboards only display accelerated data through the summary range selected, so choose a time range accordingly.
      A screen capture of the Splunk Edit Acceleration window with the Accelerate check box selected and the Summary Range set to 3 Months.

    It will take time for the summary index to build.