Hi,
I'm trying to get Avecto data to my Splunk indexer.
In the current environment, I have a Splunk app that sends WinEvent:Application logs to the indexer with some event codes whitelisted.
What I want is to create a separate app that collects the Avecto logs. However, the Avecto logs only exist in WinEvent:Application and do not exist under Applications and Services Logs. So, I cannot use "Full name" in my inputs.conf stanza.
I found an Avecto and Splunk integration guide online and tried it ["https://www.beyondtrust.com/docs/privilege.management/documents/mac/pm-splunk-integration-guide-1-0-...].
However, it failed to collect the logs, saying "WinEventMon::configure: Failed to find Event Log with channel name="Avecto Defendpoint Service."
Is there any way I can build my Avecto app without changing my WinEvent:Application app?
Thanks.
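As an added illustration (not part of the original post, and not BeyondTrust's or Splunk's own configuration), this is the shape of a Windows event log stanza that keeps only a given provider's events out of the shared Application channel, using the documented `key=regex` form of `whitelist`. The index name `avecto` and the provider-name pattern `Avecto` are assumptions; the real provider string has to be read from the `SourceName` field of an event on the forwarder, and the channel named in a stanza must exist on that host (the error quoted in the post is what the forwarder reports when it does not; `Get-WinEvent -ListLog "*Avecto*"` in PowerShell lists the channels that are actually registered).

```ini
# Added example, not from the post or the vendor guide.
# inputs.conf in a separate app on the universal forwarder.
# The stanza name is the channel name, so it is the same
# [WinEventLog://Application] stanza the existing app already defines.

[WinEventLog://Application]
disabled = 0
# assumed index name; replace with the real one
index = avecto
sourcetype = WinEventLog:Application
# read the channel from the beginning once, then tail it
start_from = oldest
current_only = 0
# keep the classic (non-XML) rendering so field-name keys work;
# with renderXml = true the filter keys must use $XmlRegex instead
renderXml = false
# key=regex whitelist: forward only events whose provider matches.
# "Avecto" is an assumed pattern; use the SourceName seen on the host.
whitelist = SourceName=%Avecto%
```

The caveat a practitioner would check first: Splunk merges stanzas with identical names from different apps according to its configuration-file precedence rules rather than running them as two independent inputs, so a second app that defines `[WinEventLog://Application]` overrides or extends the existing app's settings for that channel instead of sitting beside them. In practice the provider filter above ends up in the same effective stanza as the existing EventCode whitelist, which is why the resulting whitelist and blacklist lines should be reviewed together (`splunk btool inputs list --debug` shows the merged result and which app each line came from).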