IHAC that is trying to ingest logs from their self-hosted Trellix instance. When I try to add an account, the URL field only lists:
There is no other input field to specify an actual FQDN/IP. Am I missing something, or is this feature not present?
Hi @PReynoldsBitsIO,
URL options are specified in $SPLUNK_HOME/etc/apps/Trellix_Splunk/appserver/static/js/build/globalConfig.json:
...
{
"field": "url",
"label": "URL",
"help": "Select a unique URL for this account. Refer to https://docs.trellix.com/ to get specific FQDN and Region for your account",
"required": true,
"type": "singleSelect",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "https://arevents.manage.trellix.com",
"label": "Global"
},
{
"value": "https://areventsfrk.manage.trellix.com",
"label": "Frankfort"
},
{
"value": "https://areventsind.manage.trellix.com",
"label": "India"
},
{
"value": "https://areventssgp.manage.trellix.com",
"label": "Singapore"
},
{
"value": "https://areventssyd.manage.trellix.com",
"label": "Sydney"
}
]
}
},
...
You may be able to add custom endpoints to this file following the pattern shown, but I recommend contacting the app developer directly to confirm. You can find their email address on the contact tab of other apps they've developed: https://splunkbase.splunk.com/apps?author=lgodoy