Got this TA running without too much issue on a search head that sends this to a remote indexer using an index called "newbox". I can see data with the following source types:
box:users
box:folderCollaboration
box:folder
box:file
box:fileComment
box:fileTask
box:groups
Shouldn't there also be a box:events sourcetype? Essentially, I want to set up the same dashboards that I have for Box App for Splunk, i.e. searches for delete events like:
index=box event_type="*delete*" OR event_type="*remove*" | dedup event_id | spath source | table created_at, created_by.name, created_by.login, event_type, source.item_type, source.item_name, source.parent.name | rename created_at as time, created_by.name as user, created_by.login as login, source.item_type as item_type, source.item_name as item_name, source.parent.name as parent_folder