CA Splunk integration

Document ID : KB000126311
Last Modified Date : 06/02/2019
Introduction:
A PAM administrator needs to integrate PAM with Splunk and wants to understand the steps.
Environment:
PAM 3.x
Instructions:
In Splunk:
  1. Log in to Splunk as an Admin user
  2. Click on "Settings"
  3. Locate "Data" section
  4. Click on "Forwarding and Receiving"
  5. Locate "Receive Data" section
  6. Click on "Configure Receiving"
  7. Use your current "listening" port or click on "New Receiving Port"
In PAM:
  1. Log in as an Admin user
  2. Click on "Configuration"
  3. Click on "3rd Party"
  4. Click "Splunk"
  5. Click "Add"
  6. Add the server name or IP address of the Splunk server and the receiving port you configured in step 7 of the Splunk procedure above
  7. Click OK
Additional Information:
Alternatively, if you want to integrate with Splunk via Syslog, follow this Knowledge Document:
https://comm.support.ca.com/kb/how-to-forward-pams-syslog-to-splunk-for-data-analytics/kb000097550