Skip to main content

Let your data work for you with Jamf and Splunk

Jamf has long acted as the source of truth about Apple deployments. In fact, having real-time data about their fleets is one of the major reasons IT organizations choose Jamf Pro. As enterprises increase their adoption of Apple, it becomes increasingly important to have visibility and insight into the health and status of your devices. Device management and end-point protection tools like Jamf Pro and Jamf Protect generate plenty of data. Data is great, but often we need to summarize, visualize and combine it with other data set to fully understand our environment in ways that can yield actionable insights.

Jamf Pro and Jamf Protect both have native dashboards. Jamf Pro shows Smart Groups, policies and configuration profiles while Jamf Protect has panes for Detections, Insights and more. But for some organizations, that’s not enough. This is where security information and event management (SIEM) and business intelligence (BI) reporting tools come into play.

Splunk is a widely-used solution for data collection, analysis and getting insights into the health of IT environments. Common uses include supporting operational requirements, such as monitoring the average response time of a web site, or gathering and presenting forensic data to support IT and information security teams. Now, it’s never been easier to incorporate Jamf and Apple products into this holistic view of your organization. Jamf Pro can send event data from device configuration and management actions, and Jamf Protect can send events in response to threat detections on computers.

This ultimately results in customizable dashboards that drill down to expose exactly the information required. Placing events on a visual timeline can show trends in your data. Alternatively, alerts allow an organization to be instantly aware of urgent issues. Whether your goal is acting quickly or planning for long-term success, integrating with tools like Splunk can you help with data-driven decisions at all levels of an organization.

Getting started with the Jamf and Splunk integration is simple; all resources can be found on the Splunk listing in the Jamf Marketplace. Jamf has an official Splunk Integration Guide for Jamf Pro and Jamf Protect. For visual learners, the Jamf Pro Reporting Solution Series on YouTube provides step-by-step instructions to build a dashboard from scratch.

And when you’re done, we want you to see what you’ve built (after obscuring sensitive data, of course). Visit the "Show off your Dashboard" thread on Jamf Nation to get inspiration from your fellow admins. And if you’re a Jamf Hero that’s also familiar with Splunk, you might want to check for some new challenges before playing around.

To learn more about Splunk and other Jamf integrations, visit the Jamf Marketplace.