Splunk for PingIntelligence provides a pictorial view of various attacks in an API environment with granular event details. The Splunk Dashboard monitors attack.log file in PingIntelligence for APIs Dashboard engine. Dashboard engine through attack.log returns a JSON report that contains attack details. Following is a snippet of the attack.log with attack details:
{
  "timestamp": "1575965866132",
  "protocol": "HTTP",
  "attack_id": "11",
  "description": "Extreme App Activity",
  "attack_bucket": "API",
  "attack_scope": "SINGLE_API",
  "attacked_api": "shop-electronics",
  "attack_identifier_type": "TOKEN",
  "attack_key": "",
  "attack_value": "343077883101e1c8f2b3ec0fbf6a32ab2327e4c2e7ebe525a27a125225fa136d"
}

The following illustration summarizes the data flow between Dashboard engine and Splunk server: Diagram showing the data flow between PingIntelligence Dashboard engine and Splunk server.

Note: PingIntelligence for APIs is qualified for Splunk 8.0.0.