add custom props.conf for Splunk TA for Zeek and update logger_bootstrap

Vagrant/logger_bootstrap.sh

@@ -195,6 +195,10 @@ install_splunk() {
     cp /vagrant/resources/splunk_server/windows_ta_props.conf /opt/splunk/etc/apps/Splunk_TA_windows/default/props.conf
     cp /vagrant/resources/splunk_server/sysmon_ta_props.conf /opt/splunk/etc/apps/TA-microsoft-sysmon/default/props.conf
 
+    # Add props.conf to Splunk Zeek TA to properly parse timestamp
+    # and avoid grouping events as a single event
+    cp /vagrant/resources/splunk_server/zeek_ta_props.conf /opt/splunk/etc/apps/Splunk_TA_bro/local/props.conf
+
     # Add custom Macro definitions for ThreatHunting App
     cp /vagrant/resources/splunk_server/macros.conf /opt/splunk/etc/apps/ThreatHunting/default/macros.conf
     # Fix props.conf in ThreatHunting App