From f1299990b2b732c18a4e61b67dee6bcfcc0b06b3 Mon Sep 17 00:00:00 2001
From: Ahmed Shawky
Date: Sun, 26 Jul 2020 16:55:13 +0400
Subject: [PATCH] Point splunk to the right osquery path
---
 Vagrant/bootstrap.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Vagrant/bootstrap.sh b/Vagrant/bootstrap.sh
index 8ebc2c3..637ba00 100644
--- a/Vagrant/bootstrap.sh
+++ b/Vagrant/bootstrap.sh
@@ -303,8 +303,8 @@ install_fleet_import_osquery_config() {
 done
 # Add Splunk monitors for Fleet
- /opt/splunk/bin/splunk add monitor "/opt/kolide-quickstart/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme'
- /opt/splunk/bin/splunk add monitor "/opt/kolide-quickstart/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'
+ /opt/splunk/bin/splunk add monitor "/var/log/kolide/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme'
+ /opt/splunk/bin/splunk add monitor "/var/log/kolide/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'
 fi
 }
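Review bot: The two new `splunk add monitor` calls still run with no visible check that they succeeded. A failure here (path not present, Splunk not yet up, authentication rejected) would leave the `osquery` and `osquery-status` indexes empty without any provisioning error, which is the same kind of silent telemetry gap this commit fixes for the path. Appending a failure message to each call would surface it, e.g. `|| echo "WARN: could not add Splunk monitor for /var/log/kolide/osquery_result" >&2`. Both lines also keep passing `-auth 'admin:changeme'` on the command line, where it is visible in the process list and in provisioning output. That is presumably acceptable only because this is a lab build with a known default password, and a one-line comment saying so would keep the line from being copied into a real deployment unchanged. The enclosing `if` and the start of `install_fleet_import_osquery_config` are outside the hunk, so any guard or `set -e` in effect there cannot be seen from here.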