Security information and event management systems offer a view of logs and data associated with an app with additional insights. Configure the Miro app for Splunk to access Miro logs from Splunk and get data visualization and an overview of your data insights.
Available for: Enterprise plan
Generate access token for Miro
In your Miro settings page go to Profile settings > Your apps, agree with terms and conditions and click on Create new app:
The option to create a new app in Profile settings
Then enter an App Name and select a developer team. If you do not have a developer team yet you can create one by following these steps. For more secure access you could check the option Expire user authorization token. Finally, click on Create app:
Creating a new app
After the app has been created scroll down to the Permissions section, select the scope auditlogs:read and click on Install app and get OAuth token:
Installing the app
Then select the team in your Enterprise account which you would like to install this app and fetch audit logs into Splunk. Then click on Install & authorize:
Selecting a team
At this point, you will get your auth token which we will use in the upcoming section to configure Splunk:
Access token
Install Miro app in Splunk
From your Splunk dashboard you can go to manage Apps by clicking on the settings icon as follow:
Manage apps icon
Then on the Apps page click on Browse more apps:
Browse more apps button
Now you can search for the Miro App for Splunk and proceed with the installation by clicking on Install:
Installing Miro app for Splunk
As a first step in the installation, you will be required to enter your credentials and agree with the terms and conditions. Then click on Login and Install:
Accepting terms and conditions
After the app has been installed you might be required to restart Splunk, click on Restart now.
Configure Miro app in Splunk
Once the Miro app is installed you can see it on the Splunk dashboard, to configure it click on Miro App for Splunk:
Miro app for Splunk
First of all, you need to add your Miro Enterprise account, for that go to Configuration > Miro Account and click on Add:
Adding Miro account
Once the connection between Splunk and Miro is completed make sure that Logging > Log level has the following default value:
Log level
Once you finished with the Configuration, proceed to create a new Input for your connector, for that go to Inputs tab and click on Create New Input:
Creating new input
Enter a representative Name for your new Input, define the Interval you want Splunk to fetch data from Miro (by default is every 60 seconds), select the Miro account you added in the previous step, and click on Add:
Creating new input
Please double check that the Input is Enabled, from that moment onwards Splunk will start receiving audit logs from Miro.
Checking the status
Search in Splunk
If you’re interested in which events are being sent to Splunk or you want to check the logs you can go to the Search tab:
-
For Audit logs events, you can filter by
source="miro_audit_logs"and you will see a list of audit logs that were fetched from Miro in the specified time slot:
Miro Audit logs in Splunk
-
For Logs, you can filter by
index="_internal" sourcetype="miroappforsplunk:log"and you will see the list of logs in the specified time slot for the Miro app:
Miro Logs in Splunk
Data visualization in Splunk
Splunk provides you two basics data visualizations to have an overview of your data insights:
-
User Activity: where you can find an overview of your user’s events in Miro accounts. These are:
-
Amount of Events over time, by team and total.
-
Board Events: boards created, boards opened and total.
User activity
-
-
Security Activity: where you can find an overview of your user events in Miro accounts. These are:
-
Login activity: the amount of successful and failed sign-ins.
-
Sharing events: list of users events when sharing boards.
Security activity
-