I suggest you ...

Include the affected email address in the API json structure as well.

Ingesting in Splunk becomes easier when the unique account is included in the API json data structure. Otherwise you cannot tell these individual disclosures apart.

1 vote
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Yes, I know the email address, however directly ingesting in Splunk or ELK needs some tweaking of the json. For now, I just added '{"Account" : "pwndaccout@mailaddr.com", before every "Title" field. Maybe I'm being a n00b here, because I just started expirimenting with your awesome service.

      Feedback and Knowledge Base