Bringing this thread back up, I wonder if I could ask the BigFix community for some assistance.
The development of this integration would work best if I had as many sources of information with a plethora of events as possible. The different components of BigFix contain a lot of information and will help us paint a great picture of the health of BigFix.
To the community, if you are willing to do it, provide me some log samples of BigFix clients, server logs, audit logs, relay logs, download plug-in logs, web reports logs, and any other logs you may stumble across relating to BigFix.
I strongly recommend the longs are sanitized to remove any trace of where it came from.
Please send any sanitized samples to jimmy at splunk dot com.