Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
516
Views
1
Helpful
0
Replies

Firepower eStreamer and Cisco Security Cloud for Splunk

raymng
Level 1
Level 1

‎02-05-2025 05:53 PM

Hi there,

We recently install the Cisco Security Cloud App for Splunk.

I configure the eStreamer services on our FMC (ver 7.4.2.1).

I am seeing Connection Events in Splunk.

According to this article:

https://www.cisco.com/c/en/us/td/docs/security/firepower/741/api/FQE/secure_firewall_estreamer_fqe_guide_740/c_available_fqe.html

there should be fields such as Device and DeviceIP on connection event log.  But I don't see them in the Splunk log.  

In Splunk, I see fields such as DeviceUUID, InitiatorIP, and ResponderIP, etc..

Question:
Do I need to make special configuration changes in FMC on in Splunk to include fields such as DeviceIP?

Or, although the FMC eStreamer has those fields, the Cisco Security Cloud app don't support them?

Thanks in advance.

Labels:
0 Replies 0
Customers Also Viewed These Support Documents