Hello @mbegan
I'm part of the team working on the issue #22 and we have identified another issue, a missing CIM field signature for tagged authentication logs.
Our proposal is to create the new field signature based on captured field displayMessage.
I have tested the proposed successfully and looking forward to have this work, if possible, included in the new version of your Okta TA.
Hello @mbegan I'm part of the team working on the issue #22 and we have identified another issue, a missing CIM field
signature
for tagged authentication logs.Our proposal is to create the new field
signature
based on captured fielddisplayMessage
.I have tested the proposed successfully and looking forward to have this work, if possible, included in the new version of your Okta TA.
Our changes are accessible here: https://gitlab.com/enosysau_socgroup-public/TA-Okta_Identity_Cloud_for_Splunk/-/issues
Regards, Henrique