Thanks Will for your prompt response. Worked with Splunk Support. Unfortunately, Splunk Support cannot add the TA to cloud because it has not been verified for cloud usage. They also had no means of identifying who were the developers to work with for vetting, and there isn't a link to a repo site for the app. We have similar thoughts you mention-- we are investigating adding the TA to one of our forwarders. However, we are looking for a more permanent solution. The TA when it worked on Cloud took advantage of the HEC. The API keys were easily maintained through the TA, and it was centrally located within the HEC UI console. Having it centrally managed through cloud increased accessibility to cloud admins for support (which, in my organization's staffing model, is a larger group than the admins supporting the forwarder.)
... View more
