Beyondtrust Remote support integration to splunk c...

tv00638481 · ‎03-01-2024

Hi,

We tried to integrate beyontrust privileged remote support app integration to splunk for gettting the logs from BT PRA as per the documentation beyondtrust.

https://www.beyondtrust.com/docs/remote-support/how-to/integrations/splunk/configure-splunk.htm

Documentation has some 4-5 steps to configure in data inputs

1.Input name .

2.Client ID & token received from the beyond trust post once they enable the api.

3.PRA site id.

5.index name

6.source type

we have provided these details but we are unable to see the logs coming to Splunk. However, when check in index=_internal able to beyondtrust config logs in Splunk but not the actual event logs from beyond trust pra.

Could you please kindly let me know if anyone has integrated BT PRA and if any troubleshooting steps/guidance to confirm that there is issue from Splunk side so that. will ask the BT team to further check from there end.

This app is not Splunk developed.no support from Splunk.

Thank you & much appreciated for your responses.

krish_splunk_99 · ‎08-02-2024

@tv00638481 - Have you got any fix for this issue. I too facing the same. PRA logs not getting updated into splunk.

Beyondtrust Remote support integration to splunk cloud

configuration

troubleshooting

using Splunk Cloud

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...