icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Slack Audit App for Splunk
SHA256 checksum (slack-audit-app-for-splunk_107.tgz) f338abb8022d09c90dd899b5904656aad25ff8ed6610899c464b767b0dd19472
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Slack Audit App for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
The Slack Audit App for Splunk provides interactive searches and visualizations for monitoring what is happening in your Enterprise Grid organization. It works in conjunction with the Slack Add-on for Splunk, which is used to retrieve Slack Audit logs for your organization.

Slack Audit App for Splunk

The Slack Audit App for Splunk gives you critical insights into your Slack Enterprise Grid account.

The app includes:
A pre-built knowledge base of dashboards that deliver real-time visibility into your environment.
The dashboards showcase
- User Logins and Admin actions such as Users Added
- Popular App Installations, Approved and Retricted App Details
- File Activity
- Workspace Preference Change Activity
- Private/Public Channel Creations, User/Guest Joins and External Shared Channel Details

Setup Instructions

The Slack Audit App for Splunk needs Audit log data to be indexed into the slack_audit index.
Use the Technology Add-on to retrieve Slack Audit Logs : Slack Add-on for Splunk
Be sure to set the index to retrieve these logs into, to be named slack_audit

Preferences Activity Dashboard

The Preferences Activity Dashboard has the Event Timeline panel that relies on the Event Timeline App to be installed. Download the app to see the panel show up.

Troubleshooting

  • Verify that the the Slack Audit Logs are being populated into the right index, i.e., slack_audit
  • Verify that the Splunk account has access to the index containing the audit logs.
  • If not, perform the below steps to change the macro definition :
    • Navigate to Settings -> Advanced Search -> Search Macros
    • Set the App Context to be Slack Audit App for Splunk, Owner to be Any and Visible in the App
    • Click on the macro named slack_audit_log_index
    • Under its definition, change the name of the index to the index where slack audit log data is currently being populated.
    • Should you configure to index audit logs into multiple indexes, for example sending audit logs of different Enterprise Grid Slack Accounts into different indexes, change the marco to reflect those indexes as well. For instance :
      • Production Enterprise Slack Account Audit log index : slack_audit
      • Dev Enterprise Slack Account Audit log index : slack_audit_dev
      • New macro definition : (index=slack_audit OR index=slack_audit_dev)
    • Click on Save to save the new configuration
    • Re-open the Slack Audit App for Splunk to see the dashboards displaying data.
  • Preferences Activity dashboard would require installation of the Event Timeline App

Please be advised that using this integration is permitted subject to your obligations, including data privacy obligations, under your agreement with Splunk.

Release Notes

Version 1.0.7
May 14, 2020

7
Installs
22
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.