Hello Everyone,
The issue is that we are collecting CyberArk logs using the CyberArk add on 1.0.0. CyberArk is creating multiple sub directories on the monitored location and we are only capturing what is being written in the 2 vault directories. We feel that we are not capturing all of the CYberArk logs as they create a new directories for every log. The only constant is that all of sub directories are being created in the Directiory folder named xxx. Is there a away that Splunk can just read from the xxx folder and capture all of the logs that being written in the sub directories? We have open a ticket with CyberArk on the CyberArk creating the multiple sub directories but no work able solution has been provided. Please let me know if you need anymore information. Thank you for your help everyone.
↧