Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
184
Views
0
Helpful
0
Replies

Issues-DUO in Splunk (Empty Location Details and Incorrect IP Field)

varun-kumar
Level 1
Level 1

‎05-22-2024 12:21 AM - edited ‎05-23-2024 04:59 PM

Hi Team,
We have successfully onboarded DUO logs into the Splunk SIEM platform. We are polling the DUO API to retrieve the necessary logs and have installed the Splunk DUO Add-on to extract the required fields.

While all the DUO logs are being ingested into Splunk, we have encountered two issues:

1) The Location details are appearing as empty.
2) The IP field is showing the Initiator IP rather than the Responder IP (the phone IP **bleep** where the DUO push is approved).

Could you please confirm whether this is functioning as designed, or if we need to adjust any settings to display the details mentioned in points 1 and 2? Additionally, let us know if we need to submit an enhancement request

Please see the attached screenshot for reference. Any assistance in resolving these issues would be greatly appreciated

varunkumar_0-1716362382497.png

Regards
VK

Labels:
0 Helpful
0 Replies 0
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents