Articles in this section

Miro app for Splunk

Vlada
  • Updated

Security information and event management systems offer a view of logs and data associated with an app with additional insights. Configure the Miro app for Splunk to access Miro logs from Splunk and get data visualization and an overview of your data insights.

Available for: Enterprise plan

In this article:

  1. Generate access token for Miro
  2. Install Miro app in Splunk
  3. Configure Miro app in Splunk
  4. Search in Splunk
  5. Data visualization in Splunk

Generate access token for Miro

In your Miro settings page go to Profile settings > Your apps, agree with terms and conditions and click on Create new app:

Screenshot_2021-05-20_at_09.31.29.png
The option to create a new app in Profile settings

Then enter an App Name and select a developer team. If you do not have a developer team yet you can create one by following these steps. For more secure access you could check the option Expire user authorization token. Finally, click on Create app:

mceclip0.png
Creating a new app

After the app has been created scroll down to the Permissions section, select the scope auditlogs:read and click on Install app and get OAuth token:

mceclip1.png
Installing the app

Then select the team in your Enterprise account which you would like to install this app and fetch audit logs into Splunk. Then click on Install & authorize:

mceclip2.png
Selecting a team

At this point, you will get your auth token which we will use in the upcoming section to configure Splunk:

Frame_1__52_.png
Access token

Install Miro app in Splunk

From your Splunk dashboard you can go to manage Apps by clicking on the settings icon as follow:

mceclip3.png
Manage apps icon

Then on the Apps page click on Browse more apps:

mceclip4.png
Browse more apps button

Now you can search for the Miro App for Splunk and proceed with the installation by clicking on Install:

mceclip5.png
Installing Miro app for Splunk

As a first step in the installation, you will be required to enter your credentials and agree with the terms and conditions. Then click on Login and Install:

mceclip6.png
Accepting terms and conditions

After the app has been installed you might be required to restart Splunk, click on Restart now.

Configure Miro app in Splunk

Once the Miro app is installed you can see it on the Splunk dashboard, to configure it click on Miro App for Splunk:

mceclip7.png
Miro app for Splunk

First of all, you need to add your Miro Enterprise account, for that go to Configuration > Miro Account and click on Add:

Screenshot_2021-08-05_at_16.40_1.png

Here provide a representative name for your Miro account, enter the Access token you got in the previous steps and click on Add:
Frame_1__54_.png
Adding Miro account

Once the connection between Splunk and Miro is completed make sure that Logging > Log level has the following default value:

mceclip8.png
Log level 

Also, make sure that Additional Settings > Audit Logs Endpoint has the following default value:

mceclip9.png
Audit Logs Endpoint

Once you finished with the Configuration, proceed to create a new Input for your connector, for that go to Inputs tab and click on Create New Input:

mceclip10.png
Creating new input

Enter a representative Name for your new Input, define the Interval you want Splunk to fetch data from Miro (by default is every 60 seconds), select the Miro account you added in the previous step, and click on Add:

mceclip11.png
Creating new input

Please double check that the Input is Enabled, from that moment onwards Splunk will start receiving audit logs from Miro.

Frame_1__55_.png
Checking the status

Search in Splunk

If you’re interested in which events are being sent to Splunk or you want to check the logs you can go to the Search tab:

  • For Audit logs events, you can filter by source="miro_audit_logs" and you will see a list of audit logs that were fetched from Miro in the specified time slot:
    Frame_1__56_.png
    Miro Audit logs in Splunk

  • For Logs, you can filter by index="_internal" sourcetype="miroappforsplunk:log" and you will see the list of logs in the specified time slot for the Miro app:
    Frame_1__57_.png
    Miro Logs in Splunk

Data visualization in Splunk

Splunk provides you two basics data visualizations to have an overview of your data insights:

  • User Activity: where you can find an overview of your user’s events in Miro accounts. These are:

    • Amount of Events over time, by team and total.

    • Board Events: boards created, boards opened and total.
      mceclip12.png
      User activity

  • Security Activity: where you can find an overview of your user events in Miro accounts. These are:

    • Login activity: the amount of successful and failed sign-ins.

    • Sharing events: list of users events when sharing boards.
      mceclip13.png
      Security activity

Was this article helpful?
Yes, thanks Not really
Sorry about that! Why wasn't the article helpful?
If you would like to get a reply from the Miro Support team, please create a ticket here
Thank you for your feedback!
Error! Please try later...
Return to top

Related articles