BlueFletch Enterprise
  • BlueFletch Enterprise
  • Product Guides
    • BlueFletch Launcher
      • Configurable Layouts
        • Layouts
        • Orientation Options
        • Criteria
        • Widgets
        • Implied Groups
        • Kiosk Mode
        • Persistent Foreground App
        • Password Protected Applications
        • Quick Start Applications Folder
        • Layout Custom Actions
        • Replacement Values
        • Assets Manager
      • Theming
        • Configure Theme
        • Site-Specific Theming
        • Custom Field Display
      • Site Information Service
      • Custom Intents
        • Standard Android Intents
        • Platform Actions
        • Filtering
        • Technical Guide
      • Security and Safety
        • Clear App Data on Logout
        • Application Enabler
        • Disable Packages
        • Key Management
        • NFC Enable/Disable
        • Secure Notifications
        • Wi-Fi UI Settings Enable/Disable
        • Motion Activated Device Lock
        • Unique Login
        • Local Admin Password
        • Device Remote Lock
      • Device Loss Prevention
        • Low Battery Mode
        • Luggage Tag Mode
        • Secure Device Mode
      • Launcher Provider SDK
      • Load Configurations via QR Code Scan
      • Getting Started
      • Technical Guide
      • Release Notes
    • Authentication and SSO
      • Features
        • Secondary Authentication
          • PIN
          • Face Recognition
          • NFC Tag
          • Barcode
          • Alternate Secondary Authentication
      • Technical Guide
        • LDAP
        • AppAuth/OIDC
        • Okta (Session)
        • MSAL
        • ADFS 3.0/2012 Using ADAL
      • Release Notes
    • Support Application
      • Features
        • Events to Splunk
        • Logs to Azure
        • External Configuration Support
        • Application Usage History
        • Generating RxLogger Log Files
      • Technical Guide
        • Event Information
        • Event Examples
      • Support Installer
      • Getting Started
      • Release Notes
    • Device Finder
      • Features
        • Device Details
        • Device Status
        • View Site Devices
      • Technical Guide
      • Getting Started
      • Release Notes
    • Browser
      • Features
        • Custom Scripts
        • FIDO2 / Webauthn Support
        • URL AllowList and BlockList
      • Technical Guide
        • Configuring Browser
        • All Configuration
        • Available Intents
        • APIs and Page Actions
      • Release Notes
    • Chat
      • Features
      • Technical Guide
      • Getting Started
      • Release Notes
    • Playbook Agent
      • Features
      • Getting Started
      • Release Notes
    • Portal
      • Login & Logout
      • Navigation & Account Settings
      • Support Agent
        • Home
        • Device Details
        • Dashboards
        • Cards
        • Event Explorer
        • Reports
      • Enterprise Launcher
        • Creating a Configuration
        • Sending a Notification
        • Managing Sites
      • Playbook MDM
        • Playbooks
        • Plays
        • Devices
        • Deployment Groups
        • Zebra StageNow
      • EMM Console
        • Overview
        • Setup
          • Enroll Org in EMM
          • Policy Management
          • Provisioning
          • Device Management
          • Installing Playbook in EMM
        • Troubleshooting
          • Device Issues
          • Policy Issues
      • Chat Manager
        • Overview
        • Chat Roles
        • Chat Channels
        • Chat Audio Transcription
        • Message Logs
      • Admin
        • Organization
        • Single Sign On
          • Azure Setup
          • Okta Setup
          • Google Workspace Setup
          • Portal Setup
        • Users
        • Roles
          • Overview
          • Predefined Roles
          • Permissions
          • Manage Roles
        • Downloads
        • Agents
        • Key Management
          • Overview
          • API Keys
          • Device Keys
          • Device Restrictions
          • Allowed IP Addresses
        • Enterprise
        • Audit Logs
      • Event Forwarding
      • Remote Control
      • Getting Started
      • Release Notes
    • Other Applications
      • Messaging
        • Features
        • Technical Guide
        • Release Notes
      • Keyboard
        • Features
        • Technical Guide
          • How to: Set Keyboard as default
        • Release Notes
      • Bluetooth
        • Features
        • Release Notes
      • Voice Chat
        • Features
        • Release Notes
      • Device Remote Control
        • Features
        • Technical Guide
        • Release Notes
      • Device ID
        • Features
        • Technical Guide
        • Release Notes
      • Suite Installer
        • Technical Guide
        • Release Notes
      • Accessibility Enabler
        • Release Notes
      • EPM Plugin
        • Features
        • Technical Guide
        • Release Notes
    • Workforce Identity
  • Technical Documentation
    • Updating License Key
    • Commonly Reported Issues
    • Deploying BlueFletch Enterprise
      • Android 10 and 11
      • MDMs
        • Workspace One (VMWare AirWatch)
        • SOTI
        • Microsoft Intune
          • Microsoft Intune + Playbook
      • From Portal to Playbook Agent
Powered by GitBook
On this page
  • Overview
  • User Guide
  • Feature Configuration
  • Bypassing SSL Certificate Issues
  • Setting Up the Event Data Location
  • Setting Up the HEC Authorization Token
  • Configuring the API Path
  • Putting It All Together
  1. Product Guides
  2. Support Application
  3. Features

Events to Splunk

This Support Application feature enables sending event data directly from the device to Splunk.

Overview

Support Application collects and sends information to the BlueFletch Portal to help organizations leverage mobile business intelligence for informed, data-driven decision-making. However, some organizations may have specific data collection and management requirements, such as GDPR compliance for EU customers. In such cases, organizations may choose to use third-party tools like Splunk for data collection and management, which can be more scalable and offer additional features.

To facilitate integration with Splunk, the Events to Splunk feature provides a method of sending events directly from the device to the desired Splunk instance via the HTTP Event Collection endpoint. This allows organizations to analyze device data using their preferred tools and services while maintaining compliance with GDPR regulations.

User Guide

  1. To enable the Events to Splunk feature, you need to configure the following basic values:

  • ignoreSSLCerts: Set to True to bypass SSL Cert issues with Splunk

  • splunkUrl: The Splunk Host / Port to send event data

  • splunkAuthToken - HEC authorization token

  • splunkApiPath - collector path, typically services/collector/raw

  1. Once the feature is enabled, the Support Application will start sending event data to Splunk. The event data will be stored in Splunk in a format that can be easily analyzed.

Feature Configuration

To set up Events to Splunk for a particular device profile or device group, please follow the steps below:

Bypassing SSL Certificate Issues

To enable the Events to Splunk feature, add a ignoreSSLCerts configuration section in the Support Application JSON file. Setting the value to true will bypass any SSL Certificate issues when sending events to Splunk:

{
      ...
    "emsSupportTool" : {
        ...
        "ignoreSSLCerts": true
    }
     ...
}

Setting Up the Event Data Location

To configure the exact location Splunk instances should be sent, specify the host and port as shown below:

{
      ...
    "emsSupportTool" : {
        ...
        "splunkUrl": "https://input-prd-p-xq37wf7l8c7l.cloud.splunk.com:8088"
    }
     ...
}

Setting Up the HEC Authorization Token

To enable sending event data to Splunk, define the authorization token to enable sending event data to Splunk using the HEC endpoint. Use the example configuration below as a guide:

{
      ...
    "emsSupportTool" : {
        ...
        "splunkAuthToken": "adkkdkd-043c-4936-8f1b-1askldsakl"
    }
     ...
}

Configuring the API Path

To send Splunk instances to the defined HEC endpoint, enter the API path that Support Application has to use:

{
      ...
    "emsSupportTool" : {
        ...
        "splunkApiPath" : "services/collector/raw"
    }
     ...
}

Putting It All Together

For the example described above, the full configuration for Events to Splunk is as follows:

{
      ...
    "emsSupportTool" : {
        ...
        "ignoreSSLCerts": true,
        "splunkUrl": "https://input-prd-p-xq37wf7l8c7l.cloud.splunk.com:8088",
        "splunkAuthToken": "adkkdkd-043c-4936-8f1b-1askldsakl",
        "splunkApiPath" : "services/collector/raw",
    }
     ...
}

Events to Splunk was introduced in Support Application 5.4.4.

PreviousFeaturesNextLogs to Azure

Last updated 1 year ago