Is the Apache Add-on falling out of favor?
- It hasn't been updated since 1.0.0 release
- It doesn't officially support 7.3 or 8.0 (though unofficially it works fine)
- Splunk can natively parse apache logs using the access_combined and apache_error pretrained sourcetypes
- If you need more thorough CIM mapping than the pretrained sourcetypes offer, then there's an unofficial 'Add-on for Access Combined' available on splunkbase that does the job with fewer field extractions than the Apache add-on, and without the need for another sourcetype