
Runtime Analytics control to send all tasks to SIEM

msteeves
New Contributor II

Hi,

We have Splunk ingesting logs currently, following https://docs.saviyntcloud.com/bundle/EIC-Admin-v2020x/page/Content/Chapter20-EIC-Integrations/Saviyn... but those logs are only for the actions taken by users. Is there an SQL query we could leverage to get alerts on provisioning tasks, specifically ones that error out?

Any documentation on such would be appreciated.


Sivagami
Valued Contributor

You can create a runtime analytics for the same, similar to the one you use for ingesting application audit logs to Splunk. 

It's just that the Splunk team needs to create a new input on their side to pull the data from the new analytics as well.

Example: To pull the tasks that are pending and that the provisioning job tried to process more than 3 times but failed, for the past x days. X is timeFrame here, and the Splunk input can be configured in such a way as to grab the data as per the needed timeframe. You can alter the query as needed for your use case.

SELECT taskkey,
       accountkey,
       accountname,
       comments,
       startdate,
       enddate,
       source,
       status,
       tasktype,
       taskdate,
       updatedate
FROM   arstasks
WHERE  taskdate > Now() - interval ${timeFrame} day
AND    provisioningtries >=3
AND    status=1

Hope this helps!

-Siva
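
Added example, not part of the original posts and not Saviynt or Splunk code: because the query above selects a rolling timeFrame window, every pull returns tasks that were already returned by the previous pull, so a forwarder can checkpoint on taskkey and updatedate to send each failed task to the SIEM only when it is new or has changed. The row layout as dictionaries, the timestamp format, the sample rows and the function names are assumptions.

```python
import json
from datetime import datetime

# Columns returned by the SELECT in the post above.
FIELDS = ("taskkey", "accountkey", "accountname", "comments", "startdate",
          "enddate", "source", "status", "tasktype", "taskdate", "updatedate")
FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the exported rows

def stamp(row):
    # A task that was never updated may have no updatedate; fall back to taskdate.
    return datetime.strptime(row.get("updatedate") or row["taskdate"], FMT)

def new_events(rows, checkpoint):
    """Return (json_events, new_checkpoint) for rows not forwarded yet.

    checkpoint maps taskkey -> timestamp string of the last version sent.
    """
    events, seen = [], dict(checkpoint)
    for row in sorted(rows, key=stamp):
        key = str(row["taskkey"])
        if key in seen and stamp(row) <= datetime.strptime(seen[key], FMT):
            continue  # same task, unchanged since the previous poll
        events.append(json.dumps({f: row.get(f) for f in FIELDS}, sort_keys=True))
        seen[key] = stamp(row).strftime(FMT)
    return events, seen

def task(taskkey, taskdate, updatedate):
    # Constructed sample row; values are illustrative, not real Saviynt data.
    return {"taskkey": taskkey, "accountname": f"acct{taskkey}", "status": 1,
            "tasktype": 1, "taskdate": taskdate, "updatedate": updatedate}

# Two constructed polls whose time windows overlap.
POLL_1 = [task(101, "2024-01-09 07:00:00", "2024-01-10 08:00:00"),
          task(102, "2024-01-09 07:30:00", "2024-01-10 09:00:00")]
POLL_2 = [task(101, "2024-01-09 07:00:00", "2024-01-10 08:00:00"),
          task(102, "2024-01-09 07:30:00", "2024-01-11 09:00:00"),
          task(103, "2024-01-11 10:00:00", None)]

def run_demo():
    first, cp = new_events(POLL_1, {})
    second, cp = new_events(POLL_2, cp)
    return first, second, cp

if __name__ == "__main__":
    for batch in run_demo()[:2]:
        print(len(batch), "event(s):", [json.loads(e)["taskkey"] for e in batch])
```

Persist the returned checkpoint between polls; without it, each overlapping pull raises duplicate alerts for the same stuck task.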

msteeves
New Contributor II

Thank you Siva, I will connect with our Splunk team and try this as a solution.