Question: Okta Logs


1. Describe your incident:
Can't find any documentation about uploading Okta API logs to Graylog.

2. Describe your environment:

  • OS Information:
    Ubuntu on EC2, 50 GiB, 4 vCPU
    Graylog v5.1

3. What steps have you already taken to try and solve the problem?
Followed this guide with no success:

4. How can the community help?
What should be done to create the integration?


What is the volume of data you need to ingest in total? The enterprise version of Graylog (including the free 2GB license) has a built-in Okta input that is dirt simple to set up. Okta Log Events Input

I don't have the enterprise version, unfortunately.
I will need to save 6 months of logs… I guess it’s at least 50 GB. Not sure.

50 GB a day, or 50 GB for 6 months?

6 months

I would also say that I have made a script to use the Okta API and save the logs to a JSON file, but could not understand what to do next.

So if you're under 60GB over 30 days, specifically 2GB a day, you could use the free enterprise version and just use the enterprise input.

If not, and your script saves to a text file, then use Filebeat to read that into Graylog, and then the parse_json and flatten_json functions in pipelines to parse the JSON.
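
An added example, not part of the thread or the poster's script: Filebeat ships a file line by line, so an Okta API response saved as a pretty-printed JSON array would reach Graylog as fragments that the pipeline cannot parse. The code below rewrites a response into one event per line and skips events already written, keyed on `uuid`. The file name and the sample events are constructed; the field names follow Okta's System Log event format.

```python
import json
import os
import tempfile

# Constructed sample: the shape of an Okta System Log API response body
# (a JSON array of events). All values are made up for illustration.
SAMPLE_RESPONSE = json.dumps([
    {"uuid": "00000000-0000-0000-0000-000000000001",
     "published": "2023-07-01T10:00:00.000Z",
     "eventType": "user.session.start",
     "actor": {"alternateId": "alice@example.com"},
     "outcome": {"result": "SUCCESS"}},
    {"uuid": "00000000-0000-0000-0000-000000000002",
     "published": "2023-07-01T10:05:00.000Z",
     "eventType": "user.session.start",
     "actor": {"alternateId": "bob@example.com"},
     "outcome": {"result": "FAILURE", "reason": "INVALID_CREDENTIALS"}},
], indent=2)


def load_seen(path):
    """Return the set of event uuids already present in the NDJSON file."""
    if not os.path.exists(path):
        return set()
    with open(path, encoding="utf-8") as fh:
        return {json.loads(line)["uuid"] for line in fh if line.strip()}


def append_events(response_body, path):
    """Append new events from one API response, one JSON object per line.

    Returns the number of events written. Events whose uuid is already in
    the file are skipped, so overlapping polls do not create duplicates.
    """
    seen = load_seen(path)
    written = 0
    with open(path, "a", encoding="utf-8") as fh:
        for event in json.loads(response_body):
            if event["uuid"] in seen:
                continue
            # json.dumps without indent escapes embedded newlines,
            # so every event occupies exactly one line of the file.
            fh.write(json.dumps(event, separators=(",", ":")) + "\n")
            seen.add(event["uuid"])
            written += 1
    return written


if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "okta-system-log.ndjson")
    print(append_events(SAMPLE_RESPONSE, out), "events written to", out)
```

With the file in this form, each line Filebeat reads arrives in Graylog as one complete JSON message, which is what the pipeline functions named in the reply expect.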
