Stream Logs to Splunk
You can create monitoring, alerting, and analysis dashboards in Splunk for Auth0 tenants. Auth0 provides a dashboard that you can use to visualize the data from your Auth0 tenant. The app allows you to use recommended aggregations from Auth0, or to use them as a starting point to create your own custom visualizations. To learn more, read Use Auth0 App for Splunk.
To send Auth0 events to Splunk, you will need to:
Create Splunk token and copy domain and port information.
Configure the Auth0 event stream.
Create Splunk token
Go to your Splunk instance. Copy the domain name part of the URL, this is your Splunk Domain. (You may have received this information via email upon Splunk signup.)
Go to Systems > Settings > Data Inputs and select Add New under Local Inputs > HTTP Event Collector.
Use the wizard to name this new token. We recommend naming it
Create a new Source type named
auth0, and use
mainas the Index.
Click Review. Review the information displayed and click Submit.
Copy the value displayed. This is your Token. The default Port is
Configure the Auth0 event stream
Go to Dashboard > Monitoring > Streams and click Create Stream.
Select Splunk and enter a unique name for your new stream.
Configure the event source by providing your Domain, Token, and Port. By default, the port of set to
8088but can be changed to match your Splunk configuration. The Verify TLS toggle should be disabled when using self-signed certificates.
When Auth0 writes the next log event, you'll receive a copy of that log event in Splunk with the
service set to
Log into your Splunk instance (in this case, Cloud).
In the menu bar, select App: Cloud Monitoring...
Click Search & Reporting in the sub-menu.
In the search bar, enter the wildcard
*and adjust the time drop-down to the desired window.
Delivery attempts and retries
Auth0 events are delivered to your server via a streaming mechanism that sends each event as it is triggered. If your server is unable to receive the event, Auth0 will try to redeliver it up to three times. If still unsuccessful, Auth0 will log the failure to deliver, and you will be able to see these failures in the Health tab for your log stream.