Solved: Re: DUO Log Add-on for Splunk setup

SamAlo · ‎08-03-2016

After installing the Duo Add-on i am not seeing "DUO Security 2fa logs" in data inputs. Is this compatible with version 6.4? Are there any special instructions after the app has been installed to get it to show up?

bawood · ‎08-03-2016

I just tried installing on a clean 6.4.2 Splunk and the data input showed up and I'm not aware of any compatibility issues it would have with 6.4. It shouldn't even require a restart, but you could try that if you haven't already.

View solution in original post

bawood · ‎08-03-2016

I just tried installing on a clean 6.4.2 Splunk and the data input showed up and I'm not aware of any compatibility issues it would have with 6.4. It shouldn't even require a restart, but you could try that if you haven't already.

SamAlo · ‎08-03-2016

Found it. Testing it out now.

Thanks for your help

robert_miller · ‎11-09-2016

Where did you find it? I am not seeing it and that URL doesn't work on 6.5.

SamAlo · ‎08-03-2016

Is it under Scripts? Under data inputs what "type" would it be under?

bawood · ‎08-03-2016

It should be it's own type, "DUO Security 2fa logs" in the Local section.

bawood · ‎08-03-2016

You should also be able to find it under the "Add Data" dialog;
try appending this path to your Splunk server's url:
"en-US/manager/TA-DUOSecurity2FA/adddata/selectsource?input_mode=1"

DUO Log Add-on for Splunk setup

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?