We just added a second input in the new Splunk App for Okta, but we would like to have separate dashboards for each Okta data source. Both of the sources go to the same index (index=okta) so the built-in dashboards in the app combine the data. Is there an easy way to have dashboards for each?
The dashboard panels are defined by eventtype.
eventtype=okta-events action.objectType="core.user_auth.account_locked" | stats count(eventId) as value | rangemap field=value low=0-100 high=101-1500 default=severe
↧