icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Workday Add-on for Splunk
SHA256 checksum (workday-add-on-for-splunk_100.tgz) ced375857a87e4180c1826edd8a12fd98614ee29f40396a7f31a9c0913e5f624 SHA256 checksum (workday-add-on-for-splunk_051.tgz) 86ab35759ed98b901e48dadf17b64616498b93a09a3a96e1f913287f8eec5270 SHA256 checksum (workday-add-on-for-splunk_050.tgz) e7f35cddfc527fe6b7fa3c00a0b0206bd28fb1cc5fb62e5286fd9dc4169db5c3 SHA256 checksum (workday-add-on-for-splunk_041.tgz) 665cdd6cd1aa7c4da327edd60f8f332596c8afb64c7af0a84b575755fa4fac36 SHA256 checksum (workday-add-on-for-splunk_04.tgz) 54bd3b1bafa8f430c6c3ac8631052a77499b5d06bbad3869027f2f07cd0b7888
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Workday Add-on for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
The Workday Add-on for Splunk enables you to collect activity logs from your Workday tenant into Splunk for security monitoring and analysis.
If you enable this functionality, the collected user activity logs will reside outside of Workday.

The Workday Add-on for Splunk® enables you to automatically send a copy of user activity log data from your Workday tenant into your Splunk account. This enables you to use Splunk to parse the log data to monitor for harmful activity in your tenant.

If you enable this functionality, a copy of your user activity data will reside outside of Workday.

The Workday Add-on for Splunk is available on the Splunkbase site and is not part of the Workday Service. Follow the directions on Splunkbase to license and download the add-on.

Do these steps to set up Workday to send data to Splunk:

  1. Create an Integration System User.
  2. Register the add-on client in your tenant.
  3. Retrieve client values for the add-on.
  4. Enable your tenant to send data to Splunk.

If the Workday Add-on for Splunk is not working as expected, please have a Workday Administrator in your organization create a case to receive assistance from Workday Support.

Create an Integration Systems User

Create an Integrations Systems User and the associated Security Group and Policy.

  1. Access the Create Integration System User task.
    • User Name: Splunk_ISU
    • Session Timeout Minutes: 0 (disable session expiration)
    • Do Not Allow UI Sessions: Yes (select this checkbox)
  2. Access the Create Security Group task.
    • Type of Tenanted Security Group: Integration System Security Group (Unconstrained)
    • Name: Remote Security Monitoring
  3. Access the Edit Integration System Security Group (Unconstrained) task for the group you just created.
    • Integration System Users: Splunk_ISU
  4. Access the View Domain task for the domain System Auditing.
  5. Select Domain > Edit Security Policy Permissions from the System Auditing related actions menu.
  6. Add the group you created, Remote Security Monitoring, to both tables:
    • Report/Task Permissions table: View access
    • Integration Permissions table: Get access
  7. Access the Activate Pending Security Policy Changes task and activate the changes that you made.

For additional information, see Set Up Integration System User Security in Workday documentation.

Register the Add-on Client in your Tenant

  1. Access the the Register API Client for Integrations task and register the client.
    • Client Name: Workday Add-on for Splunk
    • Non-Expiring Refresh Tokens: Yes
    • Scope: System

For additional information, see Register API Client for Integrations in Workday documentation.

Retrieve Client Values for the Add-on

  1. Access the View API Clients task, select the API Clients for Integrations tab and confirm these settings:
    • Client Grant Type: Authorization Code Grant
    • Access Token Type: Bearer
  2. Copy and store these four values (the first two values are at the top of the page):
    • Workday REST API Endpoint
    • Token Endpoint
    • Client ID
    • Client Secret
  3. Select API Client > Manage Refresh Token for Integrations from the Workday Add-on for Splunk related actions menu.
    • Workday Account: Splunk_ISU
  4. Select Generate New Refresh Token checkbox, then save that token.
  5. Enter the values you saved into the add-on.

Enable your tenant to send data

  1. Access the Edit Tenant Setup - System task and ensure that the Enable User Activity Logging checkbox is selected.
  2. Access the Edit Tenant Setup - Security task and ensure that the OAuth 2.0 Clients Enabled checkbox is selected.

Release Notes

Version 1.0.0
Nov. 20, 2020

- Splunk version 8.x & Python3 compatibility
- Incrementally ingest data and save time check point
- Optimized thresholds for API limit tolerance
- Verbose DEBUG logging available
- Optimized payload fetch time
- Minor bugs and improvements

Version 0.5.1
July 26, 2019

Added support to query the Workday endpoint in chunks to handle the api event limit

Version 0.5.0
Nov. 1, 2018

Added in-app proxy support

Version 0.4.1
Feb. 8, 2018

-- Specify hard timeout limits
-- Include workday.net as a valid TLD

Version 0.4
Nov. 7, 2017

Version 0.4
Initial Application Release


Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.