Page created: 9 Jan 2023
|
Page updated: 2 Feb 2023
The PingOne App for Splunk correlates your PingOne data into a meaningful dashboard. The app allows you to create custom dashboards and reporting, monitor activity data, and analyze event data over time.
You must:
- Have Splunk administrator account.
- Create a webhook to send your PingOne data to your Splunk
instance. We recommend collecting the data in
index=pingoneso that the data model attached to the PingOne App for Splunk will automatically pick up the data.- Create a data input in Splunk to receive the webhook data from PingOne. In Splunk, click .
- For HTTP Event Collector, click +Add
new. Send the data to
index=pingone. Make sure to copy the token provided by Splunk. For more information, refer to the Splunk HTTP Event Collector documentation.
Note:To use a different index, refer to step 2 below to configure the PingOne App for Splunk to capture webhook data stored in other indexes.
- Create the webhook in PingOne and enter the token provided by Splunk when you created the HTTP Event Collector input.
- Download the PingOne App for Splunk package in Splunkbase. Search for pingone in Splunkbase to find the file.
To install the PingOne App for Splunk:
-
Sign on to Splunk and install the PingOne App for Splunk.
-
Click Install app from file.
-
To upload the PingOne App for Splunk package file, click
Browse, select the file, and then click
Upload.
-
Click Install app from file.
-
If your data is not in
index=pingone, modify the macro to point to your data:-
Click .
-
For the App field, filter on PingOne App for
Splunk configurations and select the
PingOne_data macro.
-
To point the macro to your data, enter your index in the
Definition box.
The default is
index=pingone. Below is an example definition.
-
Click .
- Optional:
Accelerate your data model to make a summary index of PingOne data.
The summary index results in more efficient population of the dashboards and allows you to populate the tables over larger time ranges.
-
Go to .
-
Go to .