Configure the Splunk Integration App
The integration application is available in the Splunkbase. You must log in to your Splunk account to download the application.
Once the new application is installed, follow these steps in the app to configure it:
- In the list of Splunk Apps, click the new BeyondTrust Privileged Remote Access option.
- On the BeyondTrust Privileged Remote Access Inputs page, click Create New Input.
- Enter the required input information:
- Name: Desired unique input name.
- Interval: Desired polling interval. A short polling interval can result in poor performance. At least 60 seconds is recommended.
- Index: Must be beyondtrust_pra. Create this index if it does not already exist.
- PRA Site hostname: Your Privileged Remote Access hostname. Do not include the protocol (https://) or other URL components. This value must be the hostname only. For example, support.example.com.
- Client ID: Your previously configured Client ID.
- Client Secret: Your previously configured Client Secret.
- Click Add.