Duo Splunk Connector

Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades here.
The Duo Splunk Connector allows administrators to easily import their Duo logs into their Splunk environment.

Once configured, the connector automatically pulls in the following Duo logs for the last 30 days:

- Authentication Logs
- Administrator Logs
- Telephony Logs
- Endpoint Logs

The connector comes populated with default dashboards for the above logs. Administrators can create new dashboards or manipulate the existing dashboards.

View our documentation at: http://duo.com/docs/splunkapp

Release Notes

Version 1.1.7
July 8, 2020

Version 1.1.7 - July 9, 2020
---

- App now supports Splunk version 8.0.
- App now supports the optional Python 3 runtime, which is included with Splunk version 8.0. Both Python 2 and Python 3 are now supported.
- inputs.conf has been updated to set the Python runtime to python3 for Splunk versions 8.0 or newer (python.version = python3). This change has no effect on Splunk 7 users, who will still be using the same Python 2 runtime even with this update to inputs.conf.

Version 1.1.6
Feb. 10, 2020

- Fixed error message that would appear for Duo Federal MFA + Duo Federal Access edition customers during initial connector configuration.


Note on upgrading from version 1.1.2 and below:

If you are using Index Clustering and upgrading from version 1.1.2 or below, please follow the steps below or you may experience issues.

In previous versions of the Duo Splunk Connector, we included "repFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3, and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:

[duo]
repFactor=auto

4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.6

Version 1.1.5
Aug. 30, 2019

- Fixed bug related to error log messages sometimes breaking the Splunk JsonLineBreaker.
- Added more verbose logging messages to aid in troubleshooting.
- Improved performance when validating Duo Admin API credentials during the initial setup.
- Added support for Splunk 7.3.


Note on upgrading from version 1.1.2 and below:

If you are using Index Clustering and upgrading from version 1.1.2 or below, please follow the steps below or you may experience issues.

In previous versions of the Duo Splunk Connector, we included "repFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3, and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:

[duo]
repFactor=auto

4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.5

Version 1.1.4
Feb. 14, 2019

- Added more helpful logging.
- App will now gracefully handle API rate limits.
- Improved Endpoint retrieval process.
- Minor changes to the dashboard queries to assist in a future preview.


Note on upgrading from version 1.1.2 and below:

If you are using Index Clustering and upgrading from version 1.1.2 or below, please follow the steps below or you may experience issues.

In previous versions of the Duo Splunk Connector, we included "repFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3, and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:

[duo]
repFactor=auto

4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.4

Version 1.1.3
June 8, 2018

**Customers using Index Clustering should follow the steps below before upgrading or they may experience issues**

In previous versions of the Duo Splunk Connector, we included "repFactor=auto" by default in our indexes.conf file. We are removing this in version 1.1.3, and you'll need to make a small change before upgrading.

1. Go to $SPLUNK_HOME/etc/apps/duo_splunkapp/local
2. Create a new file called "indexes.conf"
3. Put the following two lines in the file:
[duo]
repFactor=auto
4. Save the file.
5. Restart Splunk.

You can now upgrade your Duo Splunk Connector to version 1.1.3

Version 1.1.3 Updates:

- Small changes to prepare Duo Splunk Connector for Splunk Certification
- Removed repFactor=auto from the default indexes.conf file.

Version 1.1.2
June 20, 2017

- Bug fixes

Version 1.1.1
May 22, 2017

- Encrypting Duo SKEY with Splunk's encryption system
- Updated README with support information

Version 1.1.0
March 10, 2017

- Added Macro support allowing admins to specify a custom index for dashboards
- Changed map on authentication page to use city instead of longitude and latitude
- Bug fixes

Version 1.0.1
March 2, 2017

1.0.1 - Initial Release: The Duo Splunk Connector will allow you to pull in Duo logs to Splunk.

Installs: 2,053
Downloads: 4,022