In our organization other technical teams are using Splunk quite a lot, after looking into one of our use cases we’re looking to automate I stumbled upon this application on Splunkbase for monitoring robot events on Splunk.
Does anyone here have any experience using this? Is it as useful as the videos and descriptions make it sound? And is it compatible with Automation Suite versions of UiPath Orchestrator? I’ve not managed to find anything conclusive about that last part.
Hi @manderss ,
Thanks for reaching out to Community.
Yes, Splunk is compatible with UiPath Automation Suite versions of Orchestrator.
To integrate Splunk with UiPath Orchestrator, you can use the UiPath Log Forwarder tool, which sends Orchestrator logs to Splunk in real-time. The Log Forwarder is available in the UiPath Marketplace and is compatible with UiPath Automation Suite versions of Orchestrator.
Once the Log Forwarder is set up, you can configure Splunk to parse the incoming Orchestrator logs and create alerts, dashboards and reports based on the data.
If it helps you please mark this as a solution. 
Happy Automation.
Regards,
@pratik.maskar
I just searched for the UiPath Log Forwarder on the UiPath Marketplace, I cannot find anything called that. Does it exist under a different name perhaps? These are my full search results on the Marketplace:
On another note, I stumbled upon this documentation page for Automation Suite: Forwarding application logs to Splunk
Would setting that up also send the robot logs to Splunk? Or is it just backend-related logs that will be sent? The documentation is not very clear on that point.
Hi @manderss ,
The setup can help you better manage and analyze the logs generated by the Orchestrator backend (such as API requests, job execution status, errors, etc.), it does not include the logs generated by the UiPath Robots (i.e., front-end logs) that are running on the endpoints.
So, to summarize, “Forwarding application logs to Splunk” documentation page explains us to forward the Orchestrator backend logs to Splunk, while the UiPath Log Forwarding Tool is used to forward the UiPath Robots logs to Splunk.
Regards,
@pratik.maskar
Where can I find this UiPath Log Forwarding Tool? It is not available on the Marketplace and I cannot find anything with that name when I search for it on Google either.
There is not a single reference to such a tool at docs.uipath.com either.
Hi @manderss ,
I checked it and even I couldnt locate the forwarding tool and it was strange to read it in the docs. But we can go for Kibana, turbotic and Pointee which are other paid tools which will give us the desired results.
Regards,
@pratik.maskar
@manderss I’m working on the same thing. My org uses splunk cloud and UiPath cloud and it seems there are some different instructions for cloud vs on-prem on both sides.
What I was finding with Orchestrator cloud was that I was getting batches of events about every 50 minutes and we have some tight SLAs where we need better notification of bot failures, so that wasn’t going to work out for alerting.
What I’m trying to test at the moment is configuring a webhook in Orchestrator that sends to a splunk HTTP Event Collector (HEC) and it seems I have to have Query String Auth set up. That’s not something I could do with the free splunk cloud account I was testing with, so on to testing in production!
I’ve been working off of this set of documentation for the app and no luck yet (waiting for my splunk admin to change the auth type still): rpm_app_for_splunk/uipath_webhooks_config.MD at main · splunk/rpm_app_for_splunk (github.com)
That’s a shame that it has such a big delay. Has it been any helpful with providing good tools for searching through robot logs based on log fields and such in a more detailed way than what one can do in UiPath Orchestrator? If so that would be a huge win in my book. As much as I hate to say this as a fan of proper automated tests and such: Push to prod pray to God does pay off sometimes, let’s hope for the best in this case! 
From a pure technical perspective, my thinking is that Orchestrator on Automation Suite behaves pretty much the same as Cloud Orchestrator with sending out webhooks, authentication to Orchestrator APIs etc. Meaning that whatever input/output is needed for this application to work with the cloud version of Orchestrator should apply here as well? Since I suppose one cannot set up the Splunk Universal Forwarder on a UiPath Cloud Orchestrator as mentioned here
It would be lovely if you could keep us posted on the progress of your experiments here! Really eager to hear about your findings. I’ll do the same if we get around to trying this out, although that might be one or two sprints away at least.
