Use Auth0 App for Splunk
Before you start
Install the Auth0 App for Splunk
- Log into Splunk.
- Navigate to the Auth0 App for Splunk app page.
- Select the green Install button.
- Enter your username and password, accept the terms and conditions, and select Login and Install.
- On the Complete widget that results, select the Open the App button. The Auth0 Dashboard with default filters applied appears.
Dashboard filters
The following filters exist to allow you to drill down into the specifics of your traffic. You can enter* to search across all values for that field.
| Filter | Description |
|---|---|
| Time Range | A Splunk time input element that lets you choose the duration over which to view events. |
| Index | The Splunk index you want to search within. While creating your Http Event Collector Token, if you specified a particular index, you may use this value from the dropdown. |
| HTTP Source | The Splunk source name. |
| IP | The IP address whose traffic you want to inspect. This maps to data.ip in the log event. |
| Client | The client whose traffic you want to inspect. This maps to data.client_name in the log event. |
| Country | The country whose traffic you want to inspect. This is a field obtained using the iplocation data.ip search command in the query. It results in a Country field being added to each log event. |
| Username | The email address whose login traffic you want to inspect. This maps to data.user_name in the log event. |
Customize dashboard
You can customize your Splunk Auth0 security dashboard to add custom data widgets.- Navigate to your Auth0 security dashboard and select edit in the top right corner.
- In the Edit Dashboard panel, select add panel and then choose a content type. For example line chart, event, or area chart.
- Enter the time range, content title, and search string for the data visualization.
- Select Add to dashboard to add your new data widget.