So I am trying to figure out if it's possible to use the Jamf Splunk Add-On to see if our team can use it to view logs for one of our policies, where certain groups can gain temp-admin priv.
From reading the documentation, you can use Splunk to spew out data from Advanced Computer Searches, which can't cover that need, or do a custom API call referencing Jamf's Classic API documentation.
However, I haven't been able to find something that will fit the request. I was wondering if anyone knows a way to use Splunk to spew out a certain policy log.