I am missing all idm-core logs in Splunk and they are missing from all of our tenants. They can be found using a cURL command in Postman to both /monitor/logs and /monitor/logs/tail. The log sources in the ForgeRock Splunkbase input is am-everything,idm-everything. I’ve tried adding idm-core explicitly, but the logs are still missing. I’m thinking it may be an issue with the Splunkbase app.
Is anyone able to get idm-core logs in Splunk? If so, how do you have your log source input configured?