Update from yesterday's response -
Our app:
https://splunkbase.splunk.com/app/1727/#/documentation
Prerequisites:
Installation and configuration of the Splunk Add-on for Check Point OPSEC LEA Linux (http://apps.splunk.com/app/1454/) is required.
Then if you check the documentation for the Splunk-built OPSEC LEA app, the most recent one breaks down the sourcetypes even further, but the indexers remain the same (opsec, opsec_audit).
http://docs.splunk.com/Documentation/OPSEC-LEA/3.1.0/Install/WhatdatadoestheSplunkAdd-onforCheckPointOPSECLEAcollect