splunk / splunk-connect-for-syslog

Splunk Connect for Syslog
Apache License 2.0

Fix InfoBlox NIOS DNS for CIM compliance #2483

Open jnudell opened 1 month ago

jnudell commented 1 month ago

As per current documentation (https://splunk.github.io/splunk-connect-for-syslog/main/sources/vendor/InfoBlox/) InfoBlox NIOS DNS data is not CIM compliant and the current recommendation is to use Splunk Stream (which has not been updated in over a year).

I would like to request that the SC4S team fix the InfoBlox NIOS DNS data to be CIM compliant.

rjha-splunk commented 3 weeks ago

We will review this. SC4S provides metadata for sourcetype, source and addon.

jnudell commented 3 days ago

Hi @rjha-splunk, do you have any updates on this? Do you have more technical details regarding why InfoBlox NIOS DNS data is not CIM compliant at this time?

Thanks!

rjha-splunk commented 3 days ago

Hi @jnudell, SC4S prepares metadata to hand over to TAs.

Can you please elaborate in detail on what is expected from the SC4S team, including sourcetype override?

The warning was added to mention that although the TA doc says it was not CIM compliant (2019), kindly raise a support case for the team to look into details, they can check with the TA development team to provide more details here.