Does anyone know what naming convention is needed to onboard the data from Corelight to Splunk?
Do we need this kind of naming convention:
conn_<date>_<time>.log
or are
conn.log
dns.log
fine?