icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Workday MIT License

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Workday Add-on for Splunk
SHA256 checksum (workday-add-on-for-splunk_203.tgz) 1be3b78e6a51e88140783bf791c8ff9d695c6c2c9c356348f6822831eae3221c SHA256 checksum (workday-add-on-for-splunk_202.tgz) 55467697d8ea055d5f9162649d0d2e1aea655e2437002d972f2be6b135bd0ceb SHA256 checksum (workday-add-on-for-splunk_201.tgz) 6c6e147b1ad4dfec84b6489eef0a4544f0306635e5b95d6a77f48cf1c0b162b6 SHA256 checksum (workday-add-on-for-splunk_200.tgz) 69ec77ffea2c8a6ef7a0aa994922a8c8b150f496557c7e7d08dafc04421af529 SHA256 checksum (workday-add-on-for-splunk_120.tgz) b5131ba812f7e0b749392a9ada62fbb5e2aa16aa794b1231e4110d264b18d474 SHA256 checksum (workday-add-on-for-splunk_110.tgz) 681b161bc7f20dba6372772f8a83e50b07ce231b7a2b3cf9a1bcbd93cbee0367 SHA256 checksum (workday-add-on-for-splunk_102.tgz) 6fd8cfce39660780aad7bed1a98381f18f9193e6989a44c605fdab33c8135dc1
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate
splunk

Workday Add-on for Splunk

Splunk Cloud
Overview
Details
The Workday Add-on for Splunk enables you to collect activity logs from your Workday tenant into Splunk for security monitoring and analysis.
If you enable this functionality, the collected user activity logs will reside outside of Workday.

The Workday Add-on for Splunk® enables you to automatically send a copy of user activity log data from your Workday tenant into your Splunk account. This enables you to use Splunk to parse the log data to monitor for harmful activity in your tenant.

If you enable this functionality, a copy of your user activity data will reside outside of Workday.

The Workday Add-on for Splunk is available on the Splunkbase site and is not part of the Workday Service. Follow the directions on Splunkbase to license and download the add-on.

Do these steps to set up Workday to send data to Splunk:

  1. Create an Integration System User.
  2. Register the add-on client in your tenant.
  3. Retrieve client values for the add-on.
  4. Enable your tenant to send data to Splunk.

If the Workday Add-on for Splunk is not working as expected, please have a Workday Administrator in your organization create a case to receive assistance from Workday Support.

Create an Integration Systems User

Create an Integrations Systems User and the associated Security Group and Policy.

  1. Access the Create Integration System User task.
    • User Name: Splunk_ISU
    • Session Timeout Minutes: 0 (disable session expiration)
    • Do Not Allow UI Sessions: Yes (select this checkbox)
  2. Access the Create Security Group task.
    • Type of Tenanted Security Group: Integration System Security Group (Unconstrained)
    • Name: Remote Security Monitoring
  3. Access the Edit Integration System Security Group (Unconstrained) task for the group you just created.
    • Integration System Users: Splunk_ISU
  4. Access the View Domain task for the domain System Auditing.
  5. Select Domain > Edit Security Policy Permissions from the System Auditing related actions menu.
  6. Add the group you created, Remote Security Monitoring, to both tables:
    • Report/Task Permissions table: View access
    • Integration Permissions table: Get access
  7. Access the Activate Pending Security Policy Changes task and activate the changes that you made.

For additional information, see Set Up Integration System User Security in Workday documentation.

Register the Add-on Client in your Tenant

  1. Access the the Register API Client for Integrations task and register the client.
    • Client Name: Workday Add-on for Splunk
    • Non-Expiring Refresh Tokens: Yes
    • Scope: System

For additional information, see Register API Client for Integrations in Workday documentation.

Retrieve Client Values for the Add-on

  1. Access the View API Clients task, select the API Clients for Integrations tab and confirm these settings:
    • Client Grant Type: Authorization Code Grant
    • Access Token Type: Bearer
  2. Copy and store these four values (the first two values are at the top of the page):
    • Workday REST API Endpoint
    • Token Endpoint
    • Client ID
    • Client Secret
  3. Select API Client > Manage Refresh Token for Integrations from the Workday Add-on for Splunk related actions menu.
    • Workday Account: Splunk_ISU
  4. Select Generate New Refresh Token checkbox, then save that token.
  5. Enter the values you saved into the add-on.

Enable your tenant to send data

  1. Access the Edit Tenant Setup - System task and ensure that the Enable User Activity Logging checkbox is selected.
  2. Access the Edit Tenant Setup - Security task and ensure that the OAuth 2.0 Clients Enabled checkbox is selected.

Release Notes

Version 2.0.3
Jan. 30, 2024

Version 2.0.3:

  • Update URL validations for Workday Rest Api Endpoint

Version 2.0.2:

  • Added validations for FEDRAMP Workday tenants
  • Updated Add-on builder build and pythonsdk lib

Version 2.0.0 Highlights:

  • New Multi-tenant feature : Configure multiple Workday tenants
  • Each tenant input requires a global account reference from the configuration page
  • Help page within the app with FAQ's

Before upgrade to Workday add-on for Splunk version : 2.0.0

  • Recommended : Install the add-on version 2.0.0 as a new add-on * If we are updating the app, please follow the steps below:
  • Disable and delete existing input.
  • (Optional) : Remove any local settings such as passwords.conf
  • These settings will remain deprecated and unused if not removed under app/local * Record the last timestamp of the event for the given tenant.
  • Use this timestamp to configure the new input start time
Version 2.0.2
Dec. 5, 2023

Version 2.0.2:

  • Added validations for FEDRAMP Workday tenants
  • Updated Add-on builder build and pythonsdk lib

Version 2.0.0 Highlights:

  • New Multi-tenant feature : Configure multiple Workday tenants
  • Each tenant input requires a global account reference from the configuration page
  • Help page within the app with FAQ's

Before upgrade to Workday add-on for Splunk version : 2.0.0

  • Recommended : Install the add-on version 2.0.0 as a new add-on * If we are updating the app, please follow the steps below:
  • Disable and delete existing input.
  • (Optional) : Remove any local settings such as passwords.conf
  • These settings will remain deprecated and unused if not removed under app/local * Record the last timestamp of the event for the given tenant.
  • Use this timestamp to configure the new input start time
Version 2.0.1
April 25, 2023
  • Updated Add-on builder cloud compatibility checks

Version 2.0.0 * New Multi-tenant feature
* Global account feature is enabled. Now you can configure Workday tenants as global accounts * Updated input settings to include an optional start time setting
* Each tenant input requires a global account reference from the configuration page
* Handle timestamp checkpointer per input * Updated validations for configurations and inputs * Updated jquery & pythonsdk lib * Help page within the app with FAQ's

Before upgrade to Workday add-on for Splunk version : 2.0.0 * Recommended : Install the add-on version 2.0.0 as a new add-on * If we are updating the app, please follow the steps below:
* Disable and delete existing input.
* (Optional) : Remove any local settings such as passwords.conf
* These settings will remain deprecated and unused if not removed under app/local * Record the last timestamp of the event for the given tenant.
* Use this timestamp to configure the new input start time
Version 2.0.0
March 27, 2023
  • New Multi-tenant feature
    • Global account feature is enabled. Now you can configure Workday tenants as global accounts
  • Updated input settings to include an optional start time setting
    • Each tenant input requires a global account reference from the configuration page
    • Handle timestamp checkpointer per input
  • Updated validations for configurations and inputs
  • Updated jquery & pythonsdk lib
  • Help page within the app with FAQ's

    Before upgrade to Workday add-on for Splunk version : 2.0.0
  • Recommended : Install the add-on version 2.0.0 as a new add-on
  • If we are updating the app, please follow the steps below:
    • Disable and delete existing input.
    • (Optional) : Remove any local settings such as passwords.conf
    • These settings will remain deprecated and unused if not removed under app/local
  • Record the last timestamp of the event for the given tenant.
    • Use this timestamp to configure the new input start time
Version 1.2.0
May 12, 2022
  • Performance improvements
    • Increase batch size per API call from 100 to 1000
    • Up to 75% improvement in performance
    • Load testing compared to previous add-on version (1.1.0)
      • Load Tests of up to 54,000 - 70,000 events per minute
      • Capable to index up to 3.5M events per hour
  • Update jQuery to 3.6.0
  • Resolve a bug for API time range querying <1 second
  • Updated app.manifest to version 2.0.0
Version 1.1.0
Feb. 3, 2022
  • Updated logging api -
    • Phased out deprecated /auditLogs api and leveraging the new /activityLogging api
  • Performance improvements
    • Included a parameter (instancesReturned:1) to improve api call efficiency
    • Efficiently record events and write to disk based on volume
    • Resilient towards interruptions by incrementally saving checkpoints
    • Minor performance improvements with updated logging api
  • Updated add-on with new Splunk add-on builder updates
  • Load testing compared to previous add-on version (1.0):
    • This version of the add-on efficiently pulls events tested up to 12,000 - 15,000 events/minute
    • Approximately, 800K events per hour and may vary depending on factors:
      • Volume for the given time range
      • Network latency between Splunk endpoint and Workday tenant
      • Splunk Instance resources
    • Average efficiency based on volume of data for a given time range
      • 15% efficient for volume of 10K events
Version 1.0.2
April 21, 2021

Version 1.0.2
- Bug fix : TA_workday_checkpointer incorrectly validating against timestamp after upgrade.

Version 1.0.1
- HTTP proxy fix to add validity

Version 1.0.0
- Splunk version 8.x & Python3 compatibility
- Incrementally ingest data and save time check point
- Optimized thresholds for API limit tolerance
- Verbose DEBUG logging available
- Optimized payload fetch time
- Minor bugs and improvements
5,944
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Workday
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs
Compatibility
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0 Platform: Platform Independent CIM Versions: 5.x Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 4.x
Licensing
Workday MIT License
Category & Contents
Categories: Security, Fraud & Compliance
App Type: Add-on
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2024 Splunk Inc. All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.