We are looking to use Splunk for IDM monitoring and alerting. Are there any knowledge articles or white papers that talk about the best way to set this up to track server performance, database health, and alerts on outages?
Customers that implement Splunk typically select the server log messages that are most important to their operations and send only those to Splunk. We do not have any white papers or specific guidance on the best way to track things in Splunk. Some sites track every ERROR-level message, others include WARN-level messages as well, and others pare down to only very case-specific messages that are written to the application server logs. Since Splunk is a third-party product and the setup is very use-case specific, our customers sometimes contract for services or a resident engineer to help spec out and/or implement Splunk (or similar) logging (please contact your Broadcom account manager).
Please note that with the vApp there is no internal mechanism for sending the logs directly to Splunk, because third-party agents cannot be installed on the vApp. With non-vApp (standalone IDM) deployments, you can install Splunk plugins on the server.
With the vApp, the central log server can be used to place the log files outside the vApp environment, where Splunk can then read them. Here is the vApp documentation for the log forwarding configuration:
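The following is an added example of what the Splunk side of this setup can look like once the vApp has forwarded its logs to the central log server; it is not part of this article and not Broadcom or Splunk documentation. It assumes the forwarded files land under /var/log/idm-forwarded/ on a host running a Splunk universal forwarder, that the lines carry a severity token such as ERROR, WARN, INFO or DEBUG, and that the index name idm, the sourcetype idm:appserver and the e-mail address are placeholders to be replaced. It shows the three policies mentioned above as one pipeline: the monitor stanza picks up every forwarded file, the nullQueue transform drops the low-severity noise at parsing time, and the saved search alerts when ERROR-level events appear.

```ini
# inputs.conf on the universal forwarder installed on the central log server.
# The path is an assumption for this example; point it at wherever the vApp
# log forwarding configuration writes the files.
[monitor:///var/log/idm-forwarded/*.log]
index = idm
sourcetype = idm:appserver
disabled = 0

# props.conf on the indexer (or a heavy forwarder). nullQueue filtering runs in the
# parsing pipeline, so it must be placed here and not on the universal forwarder.
[idm:appserver]
TRANSFORMS-drop_noise = idm_drop_low_severity

# transforms.conf: discard TRACE/DEBUG/INFO lines so only WARN and ERROR are indexed.
# To index ERROR only, add WARN to the alternation. Anchor the regex to the position
# of the level field in your actual log format so a message body that merely
# contains the word "INFO" is not dropped.
[idm_drop_low_severity]
REGEX = \b(TRACE|DEBUG|INFO)\b
DEST_KEY = queue
FORMAT = nullQueue

# savedsearches.conf: run every five minutes and alert on any ERROR seen in that window.
# Narrow the search string to the case-specific messages a site cares about if it
# does not want to page on every ERROR.
[IDM application server errors]
search = index=idm sourcetype="idm:appserver" "ERROR"
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = ops@example.com
```

The same inputs.conf stanza, pointed at the application server's own log directory, is what a Splunk plugin on a standalone (non-vApp) IDM server would use; the props/transforms and alert definitions do not change between the two deployment types.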