Beyondtrust Remote support integration to splunk c...

tv00638481 · ‎03-01-2024

Hi,

We tried to integrate beyontrust privileged remote support app integration to splunk for gettting the logs from BT PRA as per the documentation beyondtrust.

https://www.beyondtrust.com/docs/remote-support/how-to/integrations/splunk/configure-splunk.htm

Documentation has some 4-5 steps to configure in data inputs

1.Input name .

2.Client ID & token received from the beyond trust post once they enable the api.

3.PRA site id.

5.index name

6.source type

we have provided these details but we are unable to see the logs coming to Splunk. However, when check in index=_internal able to beyondtrust config logs in Splunk but not the actual event logs from beyond trust pra.

Could you please kindly let me know if anyone has integrated BT PRA and if any troubleshooting steps/guidance to confirm that there is issue from Splunk side so that. will ask the BT team to further check from there end.

This app is not Splunk developed.no support from Splunk.

Thank you & much appreciated for your responses.

tv00638481 · ‎01-17-2025

Yes, i'm also facing similar issue. not resolved.

krish_splunk_99 · ‎08-02-2024

@tv00638481 - Have you got any fix for this issue. I too facing the same. PRA logs not getting updated into splunk.

Beyondtrust Remote support integration to splunk cloud

configuration

troubleshooting

using Splunk Cloud

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?