Getting Data In

How can I index security logs from Bomgar?

Rocky31
Path Finder

I have to onboard Bomgar data to Splunk these are some kind of security logs. I haven't seen any related question and answers here.

  1. First, I have to on board, what is the best practice for the first time onboarding logs.

  2. Any suggestions folks, I haven't found any Apps or TA's for this one.

Thanks in advance

0 Karma

spayneort
Contributor
0 Karma

Rocky31
Path Finder

Is it this app is paid or free?

0 Karma

woodcock
Esteemed Legend

Make sure you set the "big 6" settings and get them right:

TIME_PREFIX=YourPrefixHere
SHOULD_LINEMERGE=false
LINE_BREAKER=YourRegExHere
MAX_TIMESTAMP_LOOKAHEAD=YourOffsetHere
TIME_FORMAT=YourFormatHere
TRUNCATE=9999999

If you don't find an app, you can ask around the community (join slack and hit #general)

0 Karma

Rocky31
Path Finder

How to join in slack, do I need to sign up?
can you share the link with me, please?

0 Karma

woodcock
Esteemed Legend
0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...