You can use the Auth0 App for Splunk to visualize the data from your Auth0 tenant in a Splunk dashboard. The dashboard allows you to monitor the health of the login traffic for a tenant. The app allows you to use recommended aggregations from Auth0, or to use them as a starting point to create your own custom visualizations.
The following filters exist to allow you to drill down into the specifics of your traffic. You can enter * to search across all values for that field.
Filter | Description |
---|---|
Time Range | A Splunk time input element that lets you choose the duration over which to view events. |
Index | The Splunk index you want to search within. If you specified a particular index while creating your HTTP Event Collector token, you may select that value from the dropdown. |
HTTP Source | The Splunk source name. |
IP | The IP address whose traffic you want to inspect. This maps to data.ip in the log event. |
Client | The client whose traffic you want to inspect. This maps to data.client_name in the log event. |
Country | The country whose traffic you want to inspect. This is a field obtained using the iplocation data.ip search command in the query. It results in a Country field being added to each log event. |
Username | The email address whose login traffic you want to inspect. This maps to data.user_name in the log event. |
You can customize your Splunk Auth0 security dashboard to add custom data widgets.
1. Navigate to your Auth0 security dashboard and select edit in the top right corner.
2. In the Edit Dashboard panel, select add panel and then choose a content type, for example line chart, event, or area chart.
3. Enter the time range, content title, and search string for the data visualization.
4. Select Add to dashboard to add your new data widget.
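A search string you could enter in step 3, given here as an added example that is not part of the Auth0 app or of this page: it lists source IPs that produce many failed logins spread across many usernames within a 15-minute window. It assumes the log event carries a data.type field with Auth0's failed-login codes f, fp and fu (not mentioned on this page); the index and source placeholders and both thresholds are constructed values to replace and tune for your tenant.

```spl
index=<your_auth0_index> source=<your_http_source> data.type IN ("f", "fp", "fu")
| iplocation data.ip
| bin _time span=15m
| stats count AS failed_logins
        dc(data.user_name) AS distinct_usernames
        values(data.client_name) AS clients
        BY _time, data.ip, Country
| where failed_logins >= 20 AND distinct_usernames >= 10
| sort - failed_logins
```

The result is tabular, so it fits a statistics table panel; the Country column comes from the same iplocation data.ip step that the Country filter relies on.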
Auth0 will attempt delivery of all logged events up to three times. If still unsuccessful, Auth0 will log the failure. These failures are displayed in Auth0 under the Health tab for your log stream. You can find out more here.
Visit the Auth0 Status Page to view the current and historical status of Auth0 services.
Visit https://support.auth0.com for support with the app or setting up log streaming to Splunk.
Updated to version 1.1 of Simple XML in order to remove the old jQuery dependency.
The first version of the Auth0 App for Splunk which includes the following features:
Logins:
- Successful logins over time
- Failed logins over time
- Login failures by country over time
- Unique IPs attempting authentication by country over time
- Failures by IP by region for the selected time period
Account Creation:
- Count of accounts created by country over time
- Top IPs with account creation counts by region for the selected time period
Anomalies:
- Auth0 anomaly detection events over time
- Top 5 IPs with anomalous traffic by region for the selected time period