Splunk Add-on for Juniper 1.3.0 version 1.3 release notes indicate that the sourcetype juniper:sslvpn is deprecated.
version 1.3.0 still supports this sourcetype. Will events associated with this sourcetype be re-mapped to another sourcetype in the next version after 1.3.0 ? Do I need to take any action when upgrading from version 1.2.0 to 1.3.0?
By deprecation of juniper:sslvpn sourcetype, it means that it is no longer supported and there won't be any enhancement/fixes to that sourcetype. The add-on still has this sourcetype for the backward compatibility only. So, no additional action required in order to upgrade to 1.3.0.
When a sourcetype is depreciated, is there somewhere I can look to understand why this action was taken. We currently make use of that sourcetype in the Splunk Add-on for Juniper v1.2.0. In doing some testing in our Splunk Dev environment, I found out the hard way that this was the case, as nothing parsed after that upgrade.
What are customers to use, what that data and parsing is still needed?