Update VectraAI Data Integration to new Add-On (currrent one used by SC4S is deprecated)

[LennardMa]

Note: If your issue is not a bug or a feature request, please raise a support ticket through our support portal (Splunk.com > Support > Support Portal). This will help us resolve your issue more efficiently and provide you with better assistance. For more information on how to work with the Splunk Support, please refer to this guide.

What is the sc4s version?

3.33.1

Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?

What the vendor name?

Vectra

What's the product name?

Cognito

If you're requesting support for a new vendor, do you have any preferences regarding the default index and sourcetype for their events?

Do you have syslog documentation or a manual for that device??

Feature Request description:

Currently SC4S uses the old and deprecated "Technology Add-On for Vectra Cognito" instead of the current "Technology Add-On for Vectra Detect (JSON)" at https://splunkbase.splunk.com/app/5271 Please either disable the old add-on or update to the new vendor supported add-on.

Do you want to have it for local usage or prepare a github PR?

[LennardMa]

@cwadhwani-splunk Hello, I now have a pcap that i captured and the custom syslog parser that Splunk AE build, where should I send it to?

[cwadhwani-splunk]

Could you please create a Splunk support ticket and attach the details there? Once done you can provide the support ticket number/ID here.

[LennardMa]

Hello, the ID is 3666484, thanks a lot!

[cwadhwani-splunk]

Hi @LennardMa
Thanks for the details, I ll take a look as soon as possible and will provide you an update here by next week.

[cwadhwani-splunk]

We have raised a PR supporting the JSON formatted logs. We will close this ticket once the PR is merged.

[cwadhwani-splunk]

The support is added in the latest release v3.35.0, hence closing this GitHub issue.