Business Problem:

RHACS logs retrieved in splunk indexes have fields that do not correspond to the ones defined in an TA_stackroxx (Splunk Technical Add-On for ACS). 

Specifically: 

splunk TA_stakroxx is parsing different names fields from the source ( ex: deploymentInfo.clusterName not found in index , but deployment.clusterName found)

The fields defined in the TA_stackroxx do not correspond to those received by the RHACS solution.
Example: Ta_stackroxx parses a deploymentInfo.clusterName field but this field does not exist. We find this naming deployment.clusterName.
RHACS fields do not use "Info" as a suffix.
Would it be possible to update the TA in order to correctly parse these fields?

Speaking with Engineering, I understand it might be possible to build an alias for these fields, so that both (deploymentInfo.clusterName AND deployment.clusterName ) are available.

Use Cases:

The Ta_stackrox is unusable as is, the expected fields deploymentInfo., networkFlowInfo. , violationInfo.* , policyInfo.*  do not exist in the data received (networkFlowInfo., violation{}) or are not correctly named (deployment., policy.*)

the data received from RHACS
incorrectly named or missing 

deployment.clusterId
deployment.clusterName
policy.severity
policy.policyVersion
policy.policySections{}.policyGroups{}.values{}.value
policy.policySections{}.policyGroups{}.fieldName
policy.notifiers{}
policy.name
....

Missing fields and  data: 
networkFlowInfo.* 
...

The attachment contains the list of fields received by RHACS (v4.3) in splunk

Key Functionality:

[Outline the main functions and capabilities of the feature]

Benefits:

[Highlight the benefits/advantages of the suggested feature if not addressed above]]

Acceptance criteria:

[Describe the key features that need to be covered by the feature to be able to satisfy the customer]

Implementation Suggestions (optional):

• Integration: [Specify any existing systems or tools that the new feature should integrate with]

• Dependencies: [Describe any dependencies on other 3rd party integrations or OCP components] 

• User Experience: [Provide suggestions for designing the UI to optimize usability. Highlight other relevant aspects of the user experience ]

Timeline:

[Specify the preferred implementation date or any specific deadlines for the feature implementation]

Please use the following Jira fields to complete this Feature Request

1. [Jira Field] Summary Required: [Provide a clear and concise name/description for the feature]
2. [Jira Field] Description:
3. [Jira Field] Component:
4. [Jira Field] Priority: [Indicate the importance or urgency of the feature on a scale of High, Medium, or Low]

1. [Jira Field] Supporting Documentation:
    

1. [Attach any relevant documents, research, or supporting materials that provide additional context or information]