Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Saviynt Audit Log Export to Splunk Version Less Than 9

Sivagami
Valued Contributor
Valued Contributor

‎01/11/2023 04:04 AM

I read from the document below that the Splunk Add-On is supported from Version 9. We are basically in V8. How do we export the audit logs to Splunk in this case? Any alternatives are much appreciated.

https://saviynt.freshdesk.com/support/solutions/articles/43000666823-splunk-integration-guide#Splunk... 

Sivagami_0-1673438511046.png

CC: @sagars 

-Siva

Labels:
0 Kudos
7 REPLIES 7

sagars
Saviynt Employee
Saviynt Employee

‎01/11/2023 12:10 PM

Hello @Sivagami ,

The Splunk add-on solution is build on top of splunk add-on builder which is available in below versions. If you are in any of the below mentioned version then please import the spl file provided in our documentation. 

 

Splunk-Addon.png

 Regards,

Sagar Srikantaiah

Sivagami
Valued Contributor
Valued Contributor

‎01/11/2023 01:40 PM - edited ‎01/12/2023 03:29 AM

Thanks @sagars  for the response. Splunk team was able to import the add-on, but they are receiving 500 error on the page where they need to configure data ingestion.

Saviynt Version: v5.5 SP 3.12.7

Splunk Enterprise Version: v8.2.7

We imported the spl file in the below document and the add-on got installed on Splunk heavyweight forwarder and Splunk enterprise v8.2.7.

https://saviynt.freshdesk.com/support/solutions/articles/43000666823-splunk-integration-guide#Splunk...

https://splunkbase.splunk.com/app/6644

When we try to perform Step 5: Click on the SaviyntEvents Add-on and Create a New Input, below is the error received.

Sivagami_2-1673522775694.png

Below is the error when we click on the configuration tab as well.

Sivagami_3-1673522803541.png

Our Splunk team upgraded the heavy weight forwarder to V9 as well and still facing the same error mentioned above. Could you please assist?

-Siva

0 Kudos

Sivagami
Valued Contributor
Valued Contributor

‎01/23/2023 02:14 PM

@sagars updated the documentation -https://saviynt.freshdesk.com/support/solutions/articles/43000666823-splunk-integration-guide#Splunk... with latest spl file and we installed the same in the new Splunk heavy weight forwarder (v9) that our Splunk team brought up & it worked.

Thanks Sagar for your help providing the new Saviynt add on!

rushikeshvartak
All-Star
All-Star
In response to Sivagami

‎01/23/2023 02:42 PM

Is it updated on new docs portal too ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

sagars
Saviynt Employee
Saviynt Employee
In response to rushikeshvartak

‎01/23/2023 02:45 PM

@rushikeshvartak ,

We are working on the new doc portal updates and will be ready by early next week.

Regards,
Sagar Srikantaiah

0 Kudos

Sivagami
Valued Contributor
Valued Contributor

‎01/27/2023 06:02 AM

@sagars - Splunk Add-on Seems to not support pagination currently. Only first 50 records are being pulled in. Could you please check?

smithamg
Regular Contributor
Regular Contributor

‎02/23/2023 10:16 PM

We are also facing the same issue. Only 50 records are pulled at a time. Do we have any resolution for this?

 

0 Kudos
Copyright © 2024 Khoros, LLC