I have to onboard Bomgar data to Splunk; these are some kind of security logs. I haven't seen any related questions and answers here.
First, I have to onboard. What is the best practice for onboarding logs for the first time?
Any suggestions, folks? I haven't found any apps or TAs for this one.
Thanks in advance
It looks like Bomgar has an integration: https://www.bomgar.com/docs/remote-support/how-to/integrations/splunk/index.htm
There is also this: https://github.com/guilhemmarchand/bomgar-for-splunk
Is this app paid or free?
Make sure you set the "big 6" settings and get them right:
TIME_PREFIX=YourPrefixHere
SHOULD_LINEMERGE=false
LINE_BREAKER=YourRegExHere
MAX_TIMESTAMP_LOOKAHEAD=YourOffsetHere
TIME_FORMAT=YourFormatHere
TRUNCATE=9999999
If you don't find an app, you can ask around the community (join Slack and hit #general).
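To make the "big 6" concrete, here is an added Python model (not Splunk's actual parser, not code from any Splunk app, and not Bomgar's real log format) that applies those six settings to a few constructed syslog-style lines. The LINE_BREAKER, TIME_PREFIX, TIME_FORMAT, lookahead and sample events are all assumptions; the point is to show what each setting does to the data, including what happens when MAX_TIMESTAMP_LOOKAHEAD is too small and a multi-line event must stay together.

```python
import re
from datetime import datetime

# Constructed example settings in the shape of a props.conf stanza. The values
# are assumptions for a generic syslog-style feed; they are not Bomgar's real
# log format and not taken from any Splunk app.
PROPS = {
    "TIME_PREFIX": r"^",                  # timestamp sits at the start of each event
    "SHOULD_LINEMERGE": "false",          # rely on LINE_BREAKER only, no line merging
    # Break on newline(s) only when the next line starts with a syslog timestamp;
    # capture group 1 is the separator that Splunk discards.
    "LINE_BREAKER": r"([\r\n]+)(?=[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} )",
    "MAX_TIMESTAMP_LOOKAHEAD": 15,        # "Jan 15 10:23:45" is exactly 15 characters
    "TIME_FORMAT": "%b %d %H:%M:%S",
    "TRUNCATE": 9999999,
}

# Constructed sample events (not real Bomgar output). The indented line is a
# continuation of the file_transfer event and must stay inside that event.
RAW = (
    "Jan 15 10:23:45 appliance session_start user=alice rep=bob\n"
    "Jan 15 10:24:02 appliance file_transfer direction=to_customer\n"
    "  path=/tmp/notes.txt size=120\n"
    "Jan 15 10:30:11 appliance session_end user=alice\n"
)


def break_events(raw, line_breaker, truncate):
    """Split raw text into events the way LINE_BREAKER does: the text matched by
    capture group 1 is the separator and is dropped; everything else is kept."""
    events, pos = [], 0
    for m in re.finditer(line_breaker, raw):
        events.append(raw[pos:m.start(1)])
        pos = m.end(1)
    events.append(raw[pos:])
    # TRUNCATE caps the event length; trailing newlines are not part of an event.
    return [e.rstrip("\r\n")[:truncate] for e in events if e.strip()]


def extract_timestamp(event, time_prefix, time_format, lookahead):
    """Find TIME_PREFIX, then parse TIME_FORMAT from at most `lookahead`
    characters after it. Returns None when no timestamp fits in the window,
    which is what a too-small MAX_TIMESTAMP_LOOKAHEAD produces."""
    m = re.search(time_prefix, event)
    if m is None:
        return None
    window = event[m.end():m.end() + lookahead]
    for n in range(len(window), 0, -1):  # longest parseable prefix wins
        try:
            return datetime.strptime(window[:n], time_format)
        except ValueError:
            continue
    return None


def onboard(raw, props):
    """Apply the six settings to raw text; returns [(timestamp, event), ...]."""
    # This simplified model only covers the SHOULD_LINEMERGE=false path.
    assert props["SHOULD_LINEMERGE"] == "false"
    events = break_events(raw, props["LINE_BREAKER"], props["TRUNCATE"])
    return [
        (extract_timestamp(e, props["TIME_PREFIX"], props["TIME_FORMAT"],
                           props["MAX_TIMESTAMP_LOOKAHEAD"]), e)
        for e in events
    ]


if __name__ == "__main__":
    for ts, ev in onboard(RAW, PROPS):
        print(ts, "|", ev.replace("\n", "\\n"))
    # Same data with the lookahead set too short: no timestamp is found, and
    # Splunk would then fall back to a guessed time for every event.
    short = dict(PROPS, MAX_TIMESTAMP_LOOKAHEAD=5)
    print([ts for ts, _ in onboard(RAW, short)])
```

Running it yields three events, with the indented `path=` line kept inside the file_transfer event because the break regex only fires in front of a timestamp; with the lookahead cut to 5 every timestamp comes back as None, which is the symptom to look for when events land in Splunk with the wrong time.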
How do I join Slack? Do I need to sign up?
Can you share the link with me, please?