Searching Jamf Protect Data in Splunk

You can use the Search & Reporting app in Splunk to search data that has been collected by Splunk.

In Splunk, click the Search & Reporting app.
In the Search tab, enter a search using your Jamf Protect source HTTP event collector name:
```
source="http:Your-Event-Collector"
```
(Optional) Use the pop-up menu next to the search bar to adjust the time interval.
Press Return or click the Search button .

Splunk will display event records from the database that match to your search criteria, similar to the following example:

This example returns seven events, which is the number of Jamf Protect alerts reported in the last 24 hours.

	Integrating Splunk with Jamf Pro and Jamf Protect
	July 2022