All Apps and Add-ons

Duo Splunk Connector: Why does the app not update the index on dashboard when a different index is configured?

rajshahcme
Engager

When configuring the Duo Splunk Connector App, if an index other than "duo" is selected, the dashboard do not utilize the selected index for the searches. The proper way to do this would be for the app to use a macro based on the selected to populate "index=" in the search. Can the app be updated to use this functionality so that every search on the dashboard does not need to reconfigured?

0 Karma
1 Solution

duosec
Explorer

Hey rajshahcme,

I just wanted to you to know that I've added this update to our code and it will be in the next release! I'll be sure to reach out to you when that happens but it should be in a few days.

View solution in original post

duosec
Explorer

Hey rajshahcme,

I just wanted to you to know that I've added this update to our code and it will be in the next release! I'll be sure to reach out to you when that happens but it should be in a few days.

rajshahcme
Engager

Awesome, glad to hear!

0 Karma

duosec
Explorer

Hey rajshahcme,

The app has been updated on Splunkbase to v1.1 with macro support. The macro can be found in the defaults/macros.conf file or can be changed through the web interface.

duosec
Explorer

This is Jamie from Duo here. Feel free to send over any suggestions like mmodestino_splunk mentioned. An example of what you're looking for would definitely help speed up any changes you'd like to see.

0 Karma

mattymo
Splunk Employee
Splunk Employee

Thanks for the Support Jamie!

- MattyMo
0 Karma

mattymo
Splunk Employee
Splunk Employee

Hey rajshahcme!

The doc link on splunkbase point to https://duo.com/docs/splunkapp and at the bottom of the page it looks like DUO listed a support address support@duosecurity.com

I recommend making the changes you would like to see in the app and sending them over to them for fastest results.

Hopefully they monitor for questions here, but in case they don't you could probably get their attention pretty quick directly.

- MattyMo
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...