09/06/2024 01:45 PM
We are planning to integrate Splunk Cloud with Saviynt to read logs of system, debug, application and audit events.
We would like to know whether we have any documentation to follow the steps and complete the integration.
09/06/2024 02:05 PM
@SureshPatike
This is for Splunk integration.
https://docs.saviyntcloud.com/bundle/Splunk-Guide/page/Content/Understanding-the-Integration-between...
https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter20-EIC-Integrations/Saviynt-...
You can refer to the above documentation.
09/11/2024 06:40 AM
Thank you for providing documentation to start with for the Splunk integration with Saviynt.
We have created the SAV role and runtime analytics report according to the steps provided in the doc. https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter20-EIC-Integrations/Saviynt-...
When I was trying to test the report fetch runtime API through Postman, I am receiving the below error, even though I followed the steps from the doc. Please let me know if I am missing anything here.
error:
report:
Postman execution:
If I use the below API then I get the results when I try to search for the same runtime report, but as per the doc, Splunk will be calling the API/fetchRuntimeControlsDataV2, which is not able to find the report itself.
ECM/api/v5/fetchRuntimeControlsData
09/11/2024 06:43 AM
Can you share the Data Analyzer screenshot for the Splunk report?
09/11/2024 07:00 AM
Report: created with exactly the same query that's in the doc. I have replaced the timeFrame variable with the value 360 in Data Analyzer and it threw an error in Data Analyzer, but the same from report execution through analytics is returning results.
select ua.TYPEOFACCESS as 'Object Type',
       ua.ActionType as 'Action Taken',
       u.username as 'Accessed By',
       ua.IPADDRESS as 'IP Address',
       ua.ACCESSTIME as 'Event Time',
       ua.DETAIL as 'Message'
from users u, userlogin_access ua, userlogins l
where l.loginkey = ua.LOGINKEY
  and l.USERKEY = u.userkey
  and ua.AccessTime >= (NOW() - INTERVAL ${timeFrame} Minute)
  and ua.Detail is not NULL;
09/11/2024 08:33 AM
Select * from analyticsconfiges where analyticskey=11
Share the Data Analyzer result.
09/11/2024 08:45 AM
Select * from analyticsconfig where analyticskey=10
Based on your query, I changed the key to 10. I feel the below is not the right table name, right?
Select * from analyticsconfiges where analyticskey=10
09/11/2024 08:51 AM
You have created a non-elastic report; please create a v2 / elastic report.
09/11/2024 09:31 AM
Yes, I have created the report with exactly the same steps, but for some reason it's storing the version as 1 instead of 2.
Execution type is Executable.
09/11/2024 10:48 AM
Is it enabled?
09/11/2024 10:55 AM
Yes. Do I need to uncheck this?
09/11/2024 11:00 AM - edited 09/11/2024 11:00 AM
Use attached report
09/11/2024 11:07 AM
You are awesome, excellent. I just unchecked that flag on global config and recreated the runtime analytics report. This time the below query shows the analytics name is V2 and I am able to fetch the report details from Postman. We will test the same from Splunk also and will update here soon.
Select * from analyticsconfiges where analyticskey=<id>
09/13/2024 10:10 AM
We were able to configure audit logs with Splunk successfully with your help. Kudos to you. Thank you.