Anyone know how to configure the Cisco Umbrella Add-on to also send the Umbrella logs to a syslog server?
I've tried the info here (https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd#Sysl...) but I seem to get all data coming into my splunk system, not just the Umbrella logs.
I'm wondering if there's a way to make it work for only the Umbrella data.
Thanks!