https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872429#M2135 <HTML><HEAD></HEAD><BODY><P>Cisco has developed, sells and directly supports a Advanced Reporting for WSA Application for Splunk.&nbsp; </P><P></P><P>Not only does the application properly extract the various fields in both access and trafmonlogs, but also directly emulates the functionality of on-box reporting while still allowing for additional Splunk searches.</P></BODY></HTML> Fri, 10 Feb 2012 19:30:32 GMT tidavids 2012-02-10T19:30:32Z https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872427#M2133 <P>Hi;</P><P></P><P>&nbsp;&nbsp;&nbsp; I am trying to integrate ironport and splunk for the reporting feature. Have anyone tried with this.</P><P></P><P>Thanks &amp; Regards</P><P>Sreejith R</P> Tue, 17 Jan 2012 09:26:23 GMT https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872427#M2133 sreejith_r 2012-01-17T09:26:23Z https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872428#M2134 <HTML><HEAD></HEAD><BODY><P>Hi Sreejith</P><P></P><P>We have few customer being in transition over to Splunk, Please let me know if you have ANY specific questions.</P><P></P><P></P><P>Regards,</P><P>Zack</P></BODY></HTML> Thu, 09 Feb 2012 21:32:04 GMT https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872428#M2134 Atazazuddin Shaikh 2012-02-09T21:32:04Z https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872429#M2135 <HTML><HEAD></HEAD><BODY><P>Cisco has developed, sells and directly supports a Advanced Reporting for WSA Application for Splunk.&nbsp; </P><P></P><P>Not only does the application properly extract the various fields in both access and trafmonlogs, but also directly emulates the functionality of on-box reporting while still allowing for additional Splunk searches.</P></BODY></HTML> Fri, 10 Feb 2012 19:30:32 GMT https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872429#M2135 tidavids 2012-02-10T19:30:32Z https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872430#M2136 <HTML><HEAD></HEAD><BODY><P> Do you have any proper document for doing this. I downloaded the WSA from cisco and added in the splunk. But its not fetching the information from the ironport. Maybe i missed one or two steps. If you have any documents , please share it. it will be very helpful.</P><P></P><P>Thanks &amp; Regards</P><P>Sreejith R</P></BODY></HTML> Wed, 22 Feb 2012 09:34:14 GMT https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872430#M2136 sreejith_r 2012-02-22T09:34:14Z https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872431#M2137 <HTML><HEAD></HEAD><BODY><P>There are Install, User and Troubleshooting Guides posted to the Cisco Support portal.&nbsp; The "Install Guide" steps one through the process of importing logs, first time set-up, etc.</P><P></P><P>The "Troubleshooting Guide" will help diagnose any problems you may be having.&nbsp; In short, I would insure that the data is being properly indexed (search "*" in the logs and make sure fields are properly extracted, eg. acl_tag).</P><P></P><P>Next, with the fields being properly extracted, you may need a one-time run of the summary script if you have imported historical logs.&nbsp; </P><P></P><P>All of this is documented in the guides.</P><P></P><P>~Tim</P></BODY></HTML> Wed, 22 Feb 2012 12:15:13 GMT https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872431#M2137 tidavids 2012-02-22T12:15:13Z https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872432#M2138 <HTML><HEAD></HEAD><BODY><P>Hi Sreejith</P><P></P><P> </P><P></P><P>Enclosing a step by step document please let me know if you have ANY specific questions after reviewing this.</P><P></P><P> </P><P></P><P> </P><P></P><P>Regards,</P><P></P><P>Zack</P></BODY></HTML> Wed, 22 Feb 2012 13:25:59 GMT https://community.cisco.com/t5/web-security/ironport-integration-with-splunk/m-p/1872432#M2138 Atazazuddin Shaikh 2012-02-22T13:25:59Z