The Workday Add-on for Splunk® enables you to automatically send a copy of user activity log data from your Workday tenant into your Splunk account. This enables you to use Splunk to parse the log data to monitor for harmful activity in your tenant.
If you enable this functionality, a copy of your user activity data will reside outside of Workday.
The Workday Add-on for Splunk is available on the Splunkbase site and is not part of the Workday Service. Follow the directions on Splunkbase to license and download the add-on.
Do these steps to set up Workday to send data to Splunk:
If the Workday Add-on for Splunk is not working as expected, please have a Workday Administrator in your organization create a case to receive assistance from Workday Support.
Create an Integrations Systems User and the associated Security Group and Policy.
For additional information, see Set Up Integration System User Security in Workday documentation.
For additional information, see Register API Client for Integrations in Workday documentation.
Version 2.0.3:
Version 2.0.2:
Version 2.0.0 Highlights:
Before upgrade to Workday add-on for Splunk version : 2.0.0
Version 2.0.2:
Version 2.0.0 Highlights:
Before upgrade to Workday add-on for Splunk version : 2.0.0
Version 2.0.0
* New Multi-tenant feature
* Global account feature is enabled. Now you can configure Workday tenants as global accounts
* Updated input settings to include an optional start time setting
* Each tenant input requires a global account reference from the configuration page
* Handle timestamp checkpointer per input
* Updated validations for configurations and inputs
* Updated jquery & pythonsdk lib
* Help page within the app with FAQ's
Before upgrade to Workday add-on for Splunk version : 2.0.0
* Recommended : Install the add-on version 2.0.0 as a new add-on
* If we are updating the app, please follow the steps below:
* Disable and delete existing input.
* (Optional) : Remove any local settings such as passwords.conf
* These settings will remain deprecated and unused if not removed under app/local
* Record the last timestamp of the event for the given tenant.
* Use this timestamp to configure the new input start time
Version 1.0.2
- Bug fix : TA_workday_checkpointer incorrectly validating against timestamp after upgrade.
Version 1.0.1
- HTTP proxy fix to add validity
Version 1.0.0
- Splunk version 8.x & Python3 compatibility
- Incrementally ingest data and save time check point
- Optimized thresholds for API limit tolerance
- Verbose DEBUG logging available
- Optimized payload fetch time
- Minor bugs and improvements
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.