"Log Streaming feature" makes Okta log monitoring more real-time on external monitoring systems

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product
- Okta Workforce Identity Cloud
- Okta Customer Identity Cloud

Specifications/Technical Information

Specifications/Technical Information
- Workforce Identity Cloud Basic Setup Behavior Guide
- Customer Identity Cloud (Auth0) basic setup behavior guide

solution

solution
- Okta Solutions - Zero Trust with Okta

User stories

support

- Macnica Support

Seminar content

Document request

inquiry

Event/Seminar

video on demand

``Log Straming function'' that makes Okta's log monitoring in an external monitoring system more real-time

What is Log Streaming

The Log Streaming feature makes it easy to stream Okta logs to external services in real time.
By linking with an external service, you can perform more appropriate monitoring and long-term storage of logs.
Okta only saves logs for the last three months, so you can't check logs before that.
In addition, by centrally monitoring the logs of various applications including Okta with the same external service, there are various advantages such as quickly identifying which application is causing the problem when a failure occurs.

Okta logs can be linked to external services without using the Log Streaming function, but in that case polling is performed from the external service and Okta logs are sent to the external service server for monitoring. . Therefore, time lag is likely to occur.

You can see that using the Log Streaming function has the advantage of making it difficult for time lags to occur during monitoring!
Currently, this Log Streaming feature can work with AWS EventBridge and Splunk Cloud.
This time, we will introduce in detail about cooperation with SplunkCloud!

Procedure for linking Log Streaming with SplunkCloud

In order to link the Log Streaming function with an external service, settings must be made on the Okta side and the external service side.
We will introduce the actual procedure for linking with Splunk Cloud.

Issue a token on the Splunk Cloud side

Click Settings > Data Input and issue a new token from the HTTP event collector.

Procedure for linking Log Streaming with SplunkCloud

After issuing the token, copy the token value. (The copied token value will be used when configuring the settings on the Okta side.)

Setting up integration on the Okta side

Go to Reports>Log Streaming and click Add Log Streaming

Select Splunk Cloud and click Next.

Set the Splunk Cloud domain or the token value copied on the Splunk Cloud side.

I tried using the Log Streaming function

We will introduce the situation when actually using the Log Streaming function of the linked Splunk Cloud.

First, click Search & Reporting in Splunk Cloud.

I tried using the Log Streaming function

Go to the search item, enter the search sentence (query used when searching), and click the glasses mark.

example)
index=*
host="macnica○○.oktapreview.com"

If you do a search, you will see logs on the Okta side as shown below.

Summary

This time, we introduced Okta's Log Streaming function and actually linked it with Splunk Cloud. How was it? The Log Streaming function reduces the time lag in log monitoring, making IT system management even easier!

If you are interested in Okta, please contact Macnica.

Inquiry/Document request

In charge of Macnica Okta Co., Ltd.

inquiry Document request

TEL：045-476-2010
E-mail：okta@macnica.co.jp

Mon-Fri 8:45-17:30