Okta System Log records events related to your organization and provides an audit trail of platform activity. This input will pull the following Okta Log Event object into Graylog, so you can perform further data analysis on the activity occurring in your organization.
For this input plugin to function as expected, the following items must be supplied in the input configuration:
Your Okta Domain (also known as Okta URL). Copy your domain from the Okta Developer Console. For information on finding your domain, see: https://developer.okta.com/docs/guides/find-your-domain/overview/
The token used to authenticate Graylog’s requests to Okta. Create an API token on the Okta Developer Console. For information on creating an Okta API token, see: https://developer.okta.com/docs/guides/create-an-api-token/overview/
Pull log events since
The lower time bound of the Okta log events. Determines how much historical data Graylog pulls from Okta when the Input starts. If not provided, 1 polling interval of historical data is pulled. The timestamp must be in ISO-8601 format.”
Determines how often Graylog will poll for new data stored in Okta. Cannot be smaller than 5 seconds.
Keyword filter (optional)
The keyword filter is optional and filters log event results. Keyword filters cannot have more than 10 keywords (space-separated) and keywords cannot have more than 40 characters.