When configuring the Duo Splunk Connector App, if an index other than "duo" is selected, the dashboard do not utilize the selected index for the searches. The proper way to do this would be for the app to use a macro based on the selected to populate "index=" in the search. Can the app be updated to use this functionality so that every search on the dashboard does not need to reconfigured?
Hey rajshahcme,
I just wanted to you to know that I've added this update to our code and it will be in the next release! I'll be sure to reach out to you when that happens but it should be in a few days.
Hey rajshahcme,
I just wanted to you to know that I've added this update to our code and it will be in the next release! I'll be sure to reach out to you when that happens but it should be in a few days.
Awesome, glad to hear!
Hey rajshahcme,
The app has been updated on Splunkbase to v1.1 with macro support. The macro can be found in the defaults/macros.conf file or can be changed through the web interface.
This is Jamie from Duo here. Feel free to send over any suggestions like mmodestino_splunk mentioned. An example of what you're looking for would definitely help speed up any changes you'd like to see.
Thanks for the Support Jamie!
Hey rajshahcme!
The doc link on splunkbase point to https://duo.com/docs/splunkapp and at the bottom of the page it looks like DUO listed a support address support@duosecurity.com
I recommend making the changes you would like to see in the app and sending them over to them for fastest results.
Hopefully they monitor for questions here, but in case they don't you could probably get their attention pretty quick directly.