Ping Identity provides a custom Splunk App for PingFederate to process audit logs generated by a PingFederate deployment. Splunk is an enterprise software that allows for monitoring, reporting, and analysis of consolidated log files.
- Download and install Splunk
Splunk captures and indexes real-time data into a single searchable repository where reports, graphs, and other data visualization can be generated.
The PingFederate Splunk App provides rich system monitoring and reporting, including:
- Current transaction and system reports
- Service reports, such as a daily usage report, and identity provider (IdP) and service provider (SP) reports per connection
- Trend reports, such as weekly and monthly usage reports, and trend analysis
Splunk uses a specially formatted version of the audit log splunk-audit.log, which you can write to the PingFederate log directory when you complete the setup steps.
The Splunk App for PingFederate is available separately. It requires enterprise-licensed, or trial installation of the Splunk software and the Splunk Universal Forwarder, which is needed to collect data from the PingFederate audit log for Splunk. The application includes additional documentation on installation and available features. To download the free application, go to splunkbase.splunk.com and search for PingFederate.