Hello, I have the same problem on my splunk (all servers are on prem), I installed the app on Heavy Forwarders, Indexers and Search Heads, and I'm receiving all logs but all events are tagged as deepsecurity instead of deepsecurity-antimalware, deepsecurity-firewal.... At the beggining I had the app on Indexers and Search Heads, and Heavy forwarders had a simple app created by me that just monitor the file writted by rsyslog, now I deployed the DeepSecurity app and copy inputs.conf inside. What could I check? Thanks
... View more