2.2.1. MetaAccess Logs

The MetaAccess Logs input collects logs from a MetaAccess account for a defined event category (Admin events, Device events, or Webhook events), optionally narrowed by filters.

The table below explains each field you set when creating or updating a MetaAccess Logs input.

| Input Name | Required | Description |
|---|---|---|
| Name | Yes | A unique name for the input you are creating. Spaces are not accepted in the name. |
| Interval (seconds) | Yes | Frequency at which Splunk makes an API call to fetch the latest logs. The default value of 300 seconds is recommended for the MetaAccess logs API. Intervals of less than 60 seconds are NOT permitted and generate an error when the input is saved. |
| Index | Yes | Select the appropriate index for this input from the drop-down menu. |
| Global Account | Yes | Select the account (created in previous steps) from the drop-down menu. |
| API Endpoint | Yes | The default value is "/o/api/v3.1/logs". The add-on is tested with MetaAccess Get Logs v3.1 only. |
| Event Category | Yes | Select any of the 3 possible event categories for MetaAccess logs: Device, Admin, or Webhook. |
| Number of Days Back | Yes | Enter the number of days before the configuration day from which to collect log events. The value can be 1 to 30. Default value: 7. |
| Filter | No | Optional parameter. Any additional filters to pass on to the Logs API call. Refer to the MetaAccess Get Logs v3.1 API documentation to learn how to apply filters. |

Get Logs Filter Example

{
    "events": [
        "access_granted",
        "access_revoked",
        "compliance_check"
    ],
    "agent_types": [
        0,
        2
    ]
}
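The constraints in the field table can be checked before an input is saved, so that a rejected interval or a malformed filter does not leave a gap in log collection. The following is an added example, not part of the add-on: the dictionary keys (`name`, `interval`, `days_back`, and so on) are hypothetical labels for the table's fields, not the add-on's internal parameter names, and the filter is only checked for being a JSON object because the page does not define its schema.

```python
import json

# Limits and defaults taken from the field table above.
MIN_INTERVAL = 60
DAYS_BACK_RANGE = (1, 30)
CATEGORIES = {"Device", "Admin", "Webhook"}
TESTED_ENDPOINT = "/o/api/v3.1/logs"


def validate_input(cfg):
    """Return a list of problems in a proposed MetaAccess Logs input.

    Keys of cfg are hypothetical labels for the documented fields.
    """
    problems = []
    name = cfg.get("name", "")
    if not name or any(ch.isspace() for ch in name):
        problems.append("name: required, no whitespace allowed")
    interval = cfg.get("interval", 300)
    if not isinstance(interval, int) or interval < MIN_INTERVAL:
        problems.append("interval: must be an integer >= 60 seconds")
    days = cfg.get("days_back", 7)
    lo, hi = DAYS_BACK_RANGE
    if not isinstance(days, int) or not lo <= days <= hi:
        problems.append("days_back: must be between 1 and 30")
    if cfg.get("event_category") not in CATEGORIES:
        problems.append("event_category: must be Device, Admin, or Webhook")
    if cfg.get("api_endpoint", TESTED_ENDPOINT) != TESTED_ENDPOINT:
        problems.append("api_endpoint: add-on is tested with v3.1 only")
    for field in ("index", "global_account"):
        if not cfg.get(field):
            problems.append(f"{field}: required")
    raw_filter = cfg.get("filter", "")
    if raw_filter.strip():  # Filter is optional; check only when present
        try:
            parsed = json.loads(raw_filter)
        except json.JSONDecodeError as exc:
            problems.append(f"filter: not valid JSON ({exc.msg})")
        else:
            if not isinstance(parsed, dict):
                problems.append("filter: must be a JSON object")
    return problems


# Constructed sample: space in name, short interval, 45 days, single-quoted filter.
SAMPLE_BAD = {"name": "metaaccess admin", "interval": 30, "index": "main",
              "global_account": "acct1", "event_category": "Admin",
              "days_back": 45, "filter": "{'events': ['access_granted']}"}
```

Calling `validate_input(SAMPLE_BAD)` returns one message per violated constraint; an empty list means the input satisfies every rule stated in the table.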

[Figure: Get Logs input example]