TA-linux_secure
Linux Secure Technology Add-On for Splunk
This app provides linux_secure field extractions and normalisation to the Common Information Model.
No configuration is required, and it need only be installed on search heads (i.e. it contains no index-time transforms).
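To illustrate what search-time field extraction and CIM normalisation of linux_secure data amounts to, here is an added Python example; it is not the TA's own props.conf/transforms.conf, and the regexes, field names and sample log lines are constructed assumptions about typical sshd and sudo entries in /var/log/secure, mapped onto the CIM Authentication field names (action, user, src, src_port, dest, app).

```python
"""Illustrative linux_secure field extraction with CIM-style field names.

Added example, not code from TA-linux_secure. The regexes and the sample
lines are assumptions about common sshd/sudo syslog output.
"""
import re
from collections import Counter
from typing import Optional

# Constructed sample lines in the syslog format seen in /var/log/secure.
SAMPLE_LINES = [
    "Mar  3 10:15:22 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: RSA SHA256:EXAMPLEFINGERPRINT",
    "Mar  3 10:15:30 host1 sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "Mar  3 10:16:01 host1 sshd[1250]: Failed password for bob from 203.0.113.9 port 40100 ssh2",
    "Mar  3 10:16:10 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart sshd",
    "Mar  3 10:16:12 host1 systemd-logind[700]: New session 5 of user alice.",
]

# Syslog header: timestamp, host (CIM dest), process (CIM app), optional pid.
SYSLOG_HEADER = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<dest>\S+) "
    r"(?P<app>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

# sshd authentication outcome lines ("Accepted"/"Failed" <method> for [invalid user] <user> from <src> port <port>).
SSHD_AUTH = re.compile(
    r"^(?P<outcome>Accepted|Failed) (?P<method>\S+) for (?:(?P<invalid>invalid user) )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<src_port>\d+)"
)

# sudo privilege-escalation lines: "<user> : TTY=... ; USER=<target> ; COMMAND=<cmd>".
SUDO_CMD = re.compile(
    r"^\s*(?P<user>\S+) : .*?USER=(?P<dest_user>\S+) ; COMMAND=(?P<command>.*)$"
)


def extract_fields(line: str) -> Optional[dict]:
    """Parse one line into a dict of CIM-style fields; None if the syslog header does not match."""
    header = SYSLOG_HEADER.match(line)
    if not header:
        return None
    event = {k: v for k, v in header.groupdict().items() if v is not None and k != "message"}
    message = header.group("message")

    if event["app"] == "sshd":
        m = SSHD_AUTH.match(message)
        if m:
            event.update({
                "action": "success" if m.group("outcome") == "Accepted" else "failure",
                "authentication_method": m.group("method"),
                "user": m.group("user"),
                "src": m.group("src"),
                "src_port": int(m.group("src_port")),
                # Attempts against accounts that do not exist are worth distinguishing.
                "user_exists": m.group("invalid") is None,
            })
    elif event["app"] == "sudo":
        m = SUDO_CMD.match(message)
        if m:
            event.update({
                "user": m.group("user"),
                "dest_user": m.group("dest_user"),
                "command": m.group("command").strip(),
            })
    # Lines from other processes keep only the header fields.
    return event


def normalise(lines: list) -> list:
    """Extract fields from every recognised line, skipping lines with no syslog header."""
    events = [extract_fields(line) for line in lines]
    return [e for e in events if e is not None]


def failed_logins_by_src(events: list) -> dict:
    """Count authentication failures per source address, as a detection search would."""
    return dict(Counter(e["src"] for e in events if e.get("action") == "failure"))


if __name__ == "__main__":
    for event in normalise(SAMPLE_LINES):
        print(event)
    print(failed_logins_by_src(normalise(SAMPLE_LINES)))
```

Because everything here happens at read time on already-indexed text, it mirrors why a TA of this kind needs to live only on the search head: nothing about how the raw events are stored changes, only how their fields are interpreted at search time.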
N.B. This app is intended to replace the security-relevant aspects of the Splunk Add-on for Unix and Linux (Splunk_TA_nix). It is therefore strongly recommended that Splunk_TA_nix be removed from your search head before installing this app, as the two may conflict.
Further documentation is provided in the wiki here: https://github.com/doksu/TA-linux_secure/wiki