01-17-2012 01:26 AM
Hi;
I am trying to integrate ironport and splunk for the reporting feature. Have anyone tried with this.
Thanks & Regards
Sreejith R
02-09-2012 01:32 PM
Hi Sreejith
We have few customer being in transition over to Splunk, Please let me know if you have ANY specific questions.
Regards,
Zack
02-10-2012 11:30 AM
Cisco has developed, sells and directly supports a Advanced Reporting for WSA Application for Splunk.
Not only does the application properly extract the various fields in both access and trafmonlogs, but also directly emulates the functionality of on-box reporting while still allowing for additional Splunk searches.
02-22-2012 01:34 AM
Do you have any proper document for doing this. I downloaded the WSA from cisco and added in the splunk. But its not fetching the information from the ironport. Maybe i missed one or two steps. If you have any documents , please share it. it will be very helpful.
Thanks & Regards
Sreejith R
02-22-2012 04:15 AM
There are Install, User and Troubleshooting Guides posted to the Cisco Support portal. The "Install Guide" steps one through the process of importing logs, first time set-up, etc.
The "Troubleshooting Guide" will help diagnose any problems you may be having. In short, I would insure that the data is being properly indexed (search "*" in the logs and make sure fields are properly extracted, eg. acl_tag).
Next, with the fields being properly extracted, you may need a one-time run of the summary script if you have imported historical logs.
All of this is documented in the guides.
~Tim
02-22-2012 05:25 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide