Forum Discussion
No RepliesBe the first to reply
I noticed that the Splunk documentation on this site says that this should support multiple environments (s) - looking at the code in the python scripts though it looks like it doesn't?
SailPoint IIQ version: 8.1p3 Splunk version: 8.0.9 TA version: 2.0.5
After reviewing the Splunk Plugin code (the Python code which Splunk uses to read data from SailPoint), I noticed the following bits of information:
Splunk/etc/apps/Splunk_TA_sailpoint is the plugin directory where the plugin derives its files. Splunk/etc/apps/Splunk_TA_sailpoint/bin/input_module_sailpoint_identityiq_auditevents.py – this is the file in question that caught my attention.