Financial-Times / splunk-heroku

Support for Heroku log drains packaged as a Splunk app.
https://tech.in.ft.com/tech-topics/logging/splunk/logging-from-heroku
MIT License
2 stars 0 forks

Add Splunk CIM fields for web #39

Closed sjparkinson closed 2 years ago

sjparkinson commented 2 years ago

Based on https://docs.splunk.com/Documentation/CIM/5.0.1/User/Web.

Resolves #38.

Screenshots

[image: Screenshot 2022-08-03 at 08 42 21]
sjparkinson commented 2 years ago

@rowanmanning @alexmuller I'd be interested in your feedback on this change, mainly on the changes to source type names.

The CIM fields make this app compatible with the Splunk Enterprise Security product, I'll work with Cyber Security to integrate it.

sjparkinson commented 2 years ago

Note: valid values for fwd include commas and more than one IP address, e.g. fwd="10.0.0.0, 12.0.0.0,14.0.0.0"...
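
The multi-address `fwd` case above is the one that breaks naive field extraction, so here is an added worked example (mine, not code from the splunk-heroku app or its props/transforms) that parses a Heroku router line and maps it onto Splunk CIM Web field names. The sample log lines are constructed, `to_cim_web`, `split_fwd` and the `fwd_chain` field are names I chose for this example, and the decision to take the rightmost `fwd` entry as `src` is an assumption based on the usual X-Forwarded-For convention (each proxy appends the peer it saw), not something the PR states.

```python
import re
from typing import Any, Dict, List

# key=value pairs in the logfmt-style router line; a value is either a
# double-quoted string (may contain spaces and commas, e.g. fwd) or a bare
# run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
_MS_RE = re.compile(r"^(\d+)ms$")


def parse_logfmt(line: str) -> Dict[str, str]:
    """Parse the key=value body of a Heroku router line into a dict."""
    out: Dict[str, str] = {}
    for m in _KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        out[key] = quoted if quoted is not None else bare
    return out


def split_fwd(fwd: str) -> List[str]:
    """Split an X-Forwarded-For style value into individual addresses.

    Accepts both "a, b" and "a,b" spacing and drops empty entries, so the
    chain length is not affected by how the upstream proxies formatted it.
    """
    return [p.strip() for p in fwd.split(",") if p.strip()]


def _ms_to_int(value: str) -> int:
    """Turn a Heroku duration like '20ms' into an integer millisecond count."""
    m = _MS_RE.match(value)
    if not m:
        raise ValueError(f"expected a millisecond value like '20ms', got {value!r}")
    return int(m.group(1))


def to_cim_web(line: str) -> Dict[str, Any]:
    """Map one Heroku router line onto CIM Web data model field names.

    src, dest, http_method, uri_path, uri_query, url, status, bytes_out and
    duration are CIM Web fields; fwd_chain, dyno and request_id are extras
    kept for investigation. The mapping is this example's choice.
    """
    kv = parse_logfmt(line)
    chain = split_fwd(kv.get("fwd", ""))
    path, _, query = kv.get("path", "").partition("?")
    return {
        # Assumption: the rightmost address is the peer the router accepted
        # the connection from; earlier entries are client-supplied and can be
        # forged, so they are preserved in fwd_chain but not used as src.
        "src": chain[-1] if chain else None,
        "fwd_chain": chain,
        "dest": kv.get("host"),
        "http_method": kv.get("method"),
        "uri_path": path,
        "uri_query": query,
        "url": f"{kv.get('protocol', 'http')}://{kv.get('host', '')}{kv.get('path', '')}",
        "status": int(kv["status"]) if "status" in kv else None,
        "bytes_out": int(kv["bytes"]) if "bytes" in kv else None,
        # service= is the time the dyno spent on the request (connect= is the
        # router-to-dyno connect time and is not mapped here).
        "duration": _ms_to_int(kv["service"]) if "service" in kv else None,
        "dyno": kv.get("dyno"),
        "request_id": kv.get("request_id"),
    }


# Constructed sample lines, not captured from a real app. The second carries a
# multi-address fwd value with mixed spacing, the case the PR comment warns about.
SAMPLE_LINES = [
    'at=info method=GET path="/" host=example.herokuapp.com request_id=abc '
    'fwd="203.0.113.10" dyno=web.1 connect=1ms service=20ms status=200 '
    'bytes=1234 protocol=https',
    'at=info method=POST path="/login?next=%2Faccount" host=example.herokuapp.com '
    'request_id=def fwd="10.0.0.0, 12.0.0.0,14.0.0.0" dyno=web.2 connect=2ms '
    'service=305ms status=302 bytes=0 protocol=https',
]


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(to_cim_web(sample))
```

If a CDN such as Fastly fronts the app, the rightmost address will be the CDN edge rather than the end client; in that case the chain should be walked from the right past a list of trusted proxy addresses before picking `src`, which is a policy decision for the team deploying the app rather than something this example encodes.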

sjparkinson commented 2 years ago

@mkk19 would you be up for reviewing this one? Happy to run through the changes together!