icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

End User License Agreement for Third-Party Content

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Duo Splunk Connector
SHA256 checksum (duo-splunk-connector_118.tgz) 7241ca5e8e07c74f6bdec3885ad23ae93e2a2abb74c36131cb3062a98152817c SHA256 checksum (duo-splunk-connector_116.tgz) 6bb41d05ece6ede1dec2bb97d4b5eac3c873d2cbca052cae6fbe2c8b66fbdd82 SHA256 checksum (duo-splunk-connector_115.tgz) 6511704c8e3c8e2e94e42f0d844fc5aeaed5d8578a1b49c23341e91707597e7a SHA256 checksum (duo-splunk-connector_114.tgz) 76f4adf420a467a47c7927eb027d2c6fdf57e9b0aba68035a2c4a8845346fdc3 SHA256 checksum (duo-splunk-connector_113.tgz) d156ea6c4d26ec02a43d03baa10dc3d02e1491de5eb91408cc36c2baab603567 SHA256 checksum (duo-splunk-connector_112.tgz) 6a39b2b20ca28368f0d94497257ee343cdff2a6786d9b39c1cd1f21e40ac7963 SHA256 checksum (duo-splunk-connector_111.tgz) 989abc5bfad0869b726733a7e647cdddf7c32265471e0cde73ea3188bb1de038 SHA256 checksum (duo-splunk-connector_110.tgz) 6b51085bef7d8ba4b16f090718157404f54e234e7f946701978c51267e45da17 SHA256 checksum (duo-splunk-connector_101.tgz) 32b6713267e084433db5c76c9152d8a4983970958a77de51d9ed7f99ab857842
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Duo Splunk Connector

Splunk Cloud
This app is NOT supported by Splunk. Please read about what that means for youhere.
Overview
Details
Duo Splunk Connector allow administrators to easily import their Duo logs into their Splunk environment.

Once configured, the connector automatically pulls in the following Duo logs for the last 30 days:

Authentication Logs
Administrator Logs
Telephony Logs
Endpoint Logs

The connector comes populated with default dashboards for the above logs. Administrators can create new dashboards or manipulate the existing dashboards.

View our documentation at: http://duo.com/docs/splunkapp

Release Notes

Version 1.1.8
Feb. 6, 2021

Fixed a bug in packaging where latest version of six module was not getting set in splunk env. This was causing problem for people upgrading to latest version of Duo Splunk Connector since older version of six has some incompatible libraries.
Version 1.1.6
Feb. 10, 2020

- Fixed error message that would appear for Duo Federal MFA + Duo Federal Access edition customers during initial connector configuration.


Note on upgrading from version 1.1.2 and below:

If you are using Index Clustering and upgrading from version 1.1.2 or below, please follow the below steps or you may experience issues.

In previous versions of the Duo Splunk Connector we included "repoFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3 and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:

[duo]
repFactor=auto

4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.6
Version 1.1.5
Aug. 30, 2019

- Fixed bug related to error log messages sometimes breaking the Splunk JsonLineBreaker.
- Added more verbose logging messages to aid in troubleshooting.
- Improved performance when validating Duo Admin API credentials during the initial setup.
- Added support for Splunk 7.3.


Note on upgrading from version 1.1.2 and below:

If you are using Index Clustering and upgrading from version 1.1.2 or below, please follow the below steps or you may experience issues.

In previous versions of the Duo Splunk Connector we included "repoFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3 and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:

[duo]
repFactor=auto

4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.5
Version 1.1.4
Feb. 14, 2019

- Added more helpful logging.
- App will now gracefully handle API rate limits.
- Improved Endpoint retrieval process.
- Minor changes to the dashboard queries to assist in a future preview.


Note on upgrading from version 1.1.2 and below:

If you are using Index Clustering and upgrading from version 1.1.2 or below, please follow the below steps or you may experience issues.

In previous versions of the Duo Splunk Connector we included "repoFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3 and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:

[duo]
repFactor=auto

4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.4
Version 1.1.3
June 8, 2018

**Customers using Index Clustering should follow the steps below before upgrading or they may experience issues**

In previous versions of the Duo Splunk Connector we included "repoFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3 and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:
[duo]
repFactor=auto
4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.3

Version 1.1.3 Updates:

- Small changes to prepare Duo Splunk Connector for Splunk Certification
- Removed repoFactor=auto from the default indexes.conf file.
Version 1.1.2
June 20, 2017

- Bug fixes
Version 1.1.1
May 22, 2017

- Encrypting Duo SKEY with Splunk's encryption system
- Updated README with support information
Version 1.1.0
March 10, 2017

- Added Macro support allowing admins to specify a custom index for dashboards
- Changed map on authentication page to use city instead of longitude and latitude
- Bug fixes
Version 1.0.1
March 2, 2017

1.0.1 - Initial Release: The Duo Splunk Connector will allow you to pull in Duo logs to Splunk.
3,608
Installs
6,028
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Duo Security
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs
Compatibility
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 8.2, 8.1, 8.0, 7.3, 7.2 Platform: Platform Independent Splunk Versions: 7.3, 7.2 Platform: Platform Independent Splunk Versions: 7.3, 7.2 Platform: Platform Independent Splunk Versions: 7.2 Platform: Platform Independent Platform: Platform Independent Platform: Platform Independent Platform: Platform Independent Platform: Platform Independent Platform: Platform Independent
Licensing
End User License Agreement for Third-Party Content
Category & Contents
Categories: IT Operations, Security, Fraud & Compliance
App Type: App
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Submit Your App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2021 Splunk Inc. All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.