Posted on 08-24-2023 01:36 PM
So I am trying to figure out if it's possible to use the Jamf Splunk Add-On to see if our team can use it to view logs for one of our policies, where certain groups can gain temp-admin priv.
From reading the documentation, you can use Splunk to spew out data from an Advanced Computer Search, which can't cover that need, or do a custom API call referencing Jamf's Classic API documentation.
However, I haven't been able to find something that will fit the request. I was wondering if anyone knows a way to use Splunk to spew out a certain policy log.
Saturday
Hi @Cats-Team ,
The Jamf API doesn't provide detailed policy log information; however, you can use the ComputerPolicyFinished webhook and ship the data to your Splunk HF. This webhook will report on policy success and failures, if that's all you need to report on.
See: https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Webhooks.html
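
An added example, not part of the original thread and not Jamf's or Splunk's own code: a filter that keeps only ComputerPolicyFinished webhook deliveries for one policy and wraps them in a Splunk HTTP Event Collector event. The payload field names (`webhookEvent`, `policyId`, `successful`, `computer.deviceName`, `serialNumber`, `username`) are assumed from the Webhooks documentation linked above and should be checked against it; the policy ID, sourcetype and sample body are constructed.

```python
import json
import time

# Assumption: Jamf Pro ID of the temp-admin policy (hypothetical value).
TEMP_ADMIN_POLICY_ID = 42


def to_hec_event(body, policy_id=TEMP_ADMIN_POLICY_ID, received_at=None):
    """Convert a ComputerPolicyFinished webhook body into a Splunk HEC event.

    Returns None for malformed bodies, other webhook events, or other policies.
    """
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(payload, dict):
        return None
    webhook = payload.get("webhook")
    event = payload.get("event")
    if not isinstance(webhook, dict) or not isinstance(event, dict):
        return None
    if webhook.get("webhookEvent") != "ComputerPolicyFinished":
        return None
    if event.get("policyId") != policy_id:
        return None
    computer = event.get("computer")
    if not isinstance(computer, dict):
        computer = {}
    return {
        "time": received_at if received_at is not None else time.time(),
        "host": computer.get("deviceName", "unknown"),
        "sourcetype": "jamf:webhook:policy",  # assumed sourcetype name
        "event": {
            "policy_id": event["policyId"],
            "successful": bool(event.get("successful")),
            "serial_number": computer.get("serialNumber"),
            "username": computer.get("username"),
        },
    }


# Constructed sample delivery, shaped per the assumptions in the lead-in.
SAMPLE_BODY = json.dumps({
    "webhook": {"id": 1, "name": "policy-to-splunk",
                "webhookEvent": "ComputerPolicyFinished"},
    "event": {"policyId": 42, "successful": True,
              "computer": {"deviceName": "MBP-Constructed-01",
                           "serialNumber": "C00000000000",
                           "username": "jdoe"}},
})

if __name__ == "__main__":
    print(json.dumps(to_hec_event(SAMPLE_BODY, received_at=1692900000), indent=2))
```

The returned dict is the JSON body for a POST to the HEC endpoint `/services/collector/event` with an `Authorization: Splunk <token>` header.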