I'm trying to decide whether I should use a heavy forwarder or a syslog server with universal forwarder to receive data from CyberArk. Can anybody tell me which approach you're using, and how well that's working out for you?
Since the cyberark application can only log syslog data, configure syslog to send the data to a syslog receiver and using a heavy forwarder, push the logs to splunk. this is the most effective way of implementing this solution.