Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I index security logs from Bomgar?

Rocky31
Path Finder
‎11-30-2017 03:06 PM

I have to onboard Bomgar data to Splunk these are some kind of security logs. I haven't seen any related question and answers here.

  1. First, I have to on board, what is the best practice for the first time onboarding logs.

  2. Any suggestions folks, I haven't found any Apps or TA's for this one.

Thanks in advance

0 Karma
Reply

spayneort
Contributor
‎12-01-2017 07:50 AM

It looks like Bomgar has an integration: https://www.bomgar.com/docs/remote-support/how-to/integrations/splunk/index.htm

There is also this: https://github.com/guilhemmarchand/bomgar-for-splunk

0 Karma
Reply

Rocky31
Path Finder
‎12-05-2017 09:42 PM

Is it this app is paid or free?

0 Karma
Reply

woodcock
Esteemed Legend
‎12-01-2017 07:39 AM

Make sure you set the "big 6" settings and get them right:

TIME_PREFIX=YourPrefixHere
SHOULD_LINEMERGE=false
LINE_BREAKER=YourRegExHere
MAX_TIMESTAMP_LOOKAHEAD=YourOffsetHere
TIME_FORMAT=YourFormatHere
TRUNCATE=9999999

If you don't find an app, you can ask around the community (join slack and hit #general)

0 Karma
Reply

Rocky31
Path Finder
‎12-01-2017 02:19 PM

How to join in slack, do I need to sign up?
can you share the link with me, please?

0 Karma
Reply

woodcock
Esteemed Legend
‎12-02-2017 01:09 PM

https://answers.splunk.com/answers/443734/is-there-a-splunk-slack-channel.html

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...