Just install the package from Splunk Apps.
- You must use a platform that supports Node.js (which ships with Splunk).
- Make sure the SPLUNK_HOME environment variable points to the root directory of your Splunk instance.
- If your Splunk Web is located behind a proxy server, configure the HTTP(S)_PROXY environment variable.
- Open the Splunk web interface and go to Settings -> Data -> Data inputs.
- Add a new data input for the Auth0 app, specifying name, domain, global client ID, global client secret and interval (under the "More settings" section).
The global client ID and secret can be found at https://docs.auth0.com/api
- File location for latest log checkpoint:
$SPLUNK_HOME/var/lib/splunk/modinputs/auth0/{AUTH0_DOMAIN}-log-checkpoint.txt
- Log files:
$SPLUNK_HOME/var/log/splunk/audit.log
$SPLUNK_HOME/var/log/splunk/splunkd.log
- Open the Splunk web interface, go to Settings -> Data -> Data inputs -> Auth0 and delete the data input.
- Delete the log checkpoint file:
$SPLUNK_HOME/var/lib/splunk/modinputs/auth0/{AUTH0_DOMAIN}-log-checkpoint.txt
- Perform one of the following searches:
- Remove all Auth0 events:
sourcetype="auth0_logs" | delete
- Remove specific data input events:
source=auth0://{DATA_INPUT_NAME} | delete
If you have insufficient privileges to delete events (and presuming you are admin), go to Settings -> Users and authentication -> Access controls -> Roles -> admin and add the delete_by_keyword capability under the Capabilities section.
- Make sure to update the version number in the default/app.conf file.
- Install gnutar.
- Install flatten-packages:
npm install -g flatten-packages
- Execute the following:
# include dependencies
cd bin/app/ && rm -rf ./node_modules && npm install --production
flatten-packages
# generate spl package
alias tar='gnutar'
cd ../../..
tar cv splunk-auth0/ -X splunk-auth0/.tarignore > splunk-auth0.tar
gzip splunk-auth0.tar
mv splunk-auth0.tar.gz splunk-auth0.spl
You are ready to upload the new splunk-auth0.spl package to https://apps.splunk.com/app/1884/edit/#/hosting/new
For more info, see Splunk Documentation - Package your app or add-on.
If you have found a bug or have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.