Splunk for FIM 2010 R2

I’m looking into some alternatives on FIM2010 R2 reporting besides the whole SCSM solution, that is quite complex and don`t give you that much of useful reports by default.
So this time, im trying out Splunk with Oxford Computer Group`s Splunk for FIM App.

Installing Splunk

First thing I did was to download the free edition of Splunk here. I`d figure I`ll just install it on my FIM server. (As this was just a quick test on what Splunk can enable me to do).

splunk1

splunk2

splunk3

splunk4

splunk5

splunk6

splunk7

splunk8

splunk9

Installing OCG Splunk for FIM App

Download for free: Splunk for FIM App.
splunk10

splunk11

splunk12

splunk13

Configuring collectlogs.xml

By default you`ll find the scripts here: C:\Program Files\Splunk\etc\apps\OCG_FIM\bin\scripts
splunk14

splunk15

Run CollectLogs.ps1

splunk16

Checkout default reporting features

By default OCG provides you with three main features:

Service Operations
These dashboards give insight into how your Forefront Identity Manager installation is performing and if there are any errors.

Service Level
Gives you the ability to get a perspective on the performance statics from a Service Level Agreement.

Analytics
Allows you to search your data and contains some pre-built reports.

I suspect it`s possible to buy a more comprehensive edition of the app from OCG..(?)

splunk17

Service Operations > Overview
splunk18

Service Operations > Forefront Identity Manager Portal
splunk19

Service Operations > Forefront Identity Manager Synchronization
splunk20

Now. I haven`t tried out the full potential of all the reports yet as my lab is a bit small. I`ll get back with more info on how im using the reports and analytics!