icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

End User License Agreement for Third-Party Content

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Auth0 App for Splunk
SHA256 checksum (auth0-app-for-splunk_102.tgz) b9bc369ebc9abedc0e9157823c11b41dd34224818f71d7112ce37ae34f9bb670 SHA256 checksum (auth0-app-for-splunk_101.tgz) a941538023714ad13e281fe6f4ad28913049830885147df6068a72a76feda903 SHA256 checksum (auth0-app-for-splunk_100.tgz) 66f99c9734b15a432f45badf8f8c0111c2a6a2fc88c7e3a14fba4831ef6f20d4
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate
splunk

Auth0 App for Splunk

Splunk Cloud
Overview
Details
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding more than 4.5 billion login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.

This app is enabled by Auth0 Log Streaming which provides customers with access to event logs covering a wide range of scenarios, including our own security specific events. Customers receive prompt information for their identity, access management, and security functions, enabling them to react swiftly and appropriately. It also enables the possibility of using these event logs as extensibility points or build automated workflows.

Use Auth0 App for Splunk

You can use the Auth0 App for Splunk to visualize the data from your Auth0 tenant in a Splunk dashboard. The dashboard allows you to monitor the health of the login traffic for a tenant. The app allows you to use recommended aggregations from Auth0, or to use them as a starting point to create your own custom visualizations.

Install the Auth0 App for Splunk

  1. Configure the Splunk Log Streaming integration for Auth0 by following the instructions under the installation tab.
  2. Log into your Splunk instance.
  3. In the Apps panel on the left, click Find More Apps.
  4. Use the Find apps by keyword, technology search box to search for Auth0.
  5. Click the green Install button on the Auth0 App for Splunk card that appears.
  6. Enter your splunk.com username and password, accept the terms and conditions, and click Agree and Install.
  7. On the Complete modal that appears click on the Open the App button. The Auth0 Dashboard with default filters applied appears.
  8. If a modal with the title Continue with external content? appears, verify the URLs originate from auth0.com and click continue.

Dashboard filters

The following filters exist to allow you to drill down into the specifics of your traffic. You can enter * to search across all values for that field.

Filter Description
Time Range A Splunk time input element that lets you choose the duration over which to view events.
Index The Splunk index you want to search within. While creating your Http Event Collector Token, if you specified a particular index, you may use this value from the dropdown.
HTTP Source The Splunk source name.
IP The IP address whose traffic you want to inspect. This maps to data.ip in the log event.
Client The client whose traffic you want to inspect. This maps to data.client_name in the log event.
Country The country whose traffic you want to inspect. This is a field obtained using the iplocation data.ip search command in the query. It results in a Country field being added to each log event.
Username The email address whose login traffic you want to inspect. This maps to data.user_name in the log event.

Customize dashboard

You can customize your Splunk Auth0 security dashboard to add custom data widgets.
1. Navigate to your Auth0 security dashboard and select edit in the top right corner.
2. In the Edit Dashboard panel, select add panel and then choose a content type. For example line chart, event, or area chart.
3. Enter the time range, content title, and search string for the data visualization.
4. Select Add to dashboard to add your new data widget.

Troubleshooting

Failures

Auth0 will attempt delivery of all logged events up to three times. If still unsuccessful, Auth0 will log the failure. These failures are displayed in Auth0 under the Health tab for your log stream, you can find out more here.

Status

Visit Auth0 Status Page to view the current and historical status of Auth0 services.

Support

Visit https://support.auth0.com for support with the app or setting up log streaming to Splunk.

Release Notes

Version 1.0.2
Oct. 6, 2021

Updated to version 1.1 of Simple XML, in order to remove old jQuery dependency
Version 1.0.1
Sept. 15, 2020

The first version of the Auth0 App for Splunk which includes the following features:

Logins:
- Successful logins over time
- Failed logins over time
- Login failures by country over time
- Unique IPs attempting authentication by country over time
- Failures by IP by region for the selected time period

Account Creation:
- Count of accounts created by country over time
- Top IPs with account creation counts by region for the selected time period

Anomalies:
- Auth0 anomaly detection events over time
- Top 5 IPs with anomalous traffic by region for the selected time period
Version 1.0.0
Sept. 7, 2020

The first version of the Auth0 App for Splunk which includes the following features:

Logins:
- Successful logins over time
- Failed logins over time
- Login failures by country over time
- Unique IPs attempting authentication by country over time
- Failures by IP by region for the selected time period

Account Creation:
- Count of accounts created by country over time
- Top IPs with account creation counts by region for the selected time period

Anomalies:
- Auth0 anomaly detection events over time
- Top 5 IPs with anomalous traffic by region for the selected time period
2,410
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Auth0, Inc
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate
Compatibility
This version of the app (1.0.1) is not available for Splunk Cloud. However, version 1.0.2 of this app is available for Splunk Cloud.
This version of the app (1.0.0) is not available for Splunk Cloud. However, version 1.0.2 of this app is available for Splunk Cloud.
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent
Licensing
End User License Agreement for Third-Party Content
Category & Contents
Categories: IT Operations, Security, Fraud & Compliance
App Type: App
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2024 Splunk Inc. All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.