<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Trying to pull data from IPS using SDEE in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173578#M34930</link>
    <description>&lt;P&gt;How to pull data from Cisco IPS into Splunk. I tried using SDEE pool query but it did not work. &lt;/P&gt;

&lt;P&gt;Any help on this would be great.&lt;/P&gt;

&lt;P&gt;(for customer kiqbal @ Sega)&lt;/P&gt;</description>
    <pubDate>Wed, 21 May 2014 10:28:18 GMT</pubDate>
    <dc:creator>vhallan_splunk</dc:creator>
    <dc:date>2014-05-21T10:28:18Z</dc:date>
    <item>
      <title>Trying to pull data from IPS using SDEE</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173578#M34930</link>
      <description>&lt;P&gt;How to pull data from Cisco IPS into Splunk. I tried using SDEE pool query but it did not work. &lt;/P&gt;

&lt;P&gt;Any help on this would be great.&lt;/P&gt;

&lt;P&gt;(for customer kiqbal @ Sega)&lt;/P&gt;</description>
      <pubDate>Wed, 21 May 2014 10:28:18 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173578#M34930</guid>
      <dc:creator>vhallan_splunk</dc:creator>
      <dc:date>2014-05-21T10:28:18Z</dc:date>
    </item>
    <item>
      <title>Re: Trying to pull data from IPS using SDEE</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173579#M34931</link>
      <description>&lt;P&gt;It's old and outdated, but might work: &lt;A href="http://apps.splunk.com/app/528/"&gt;http://apps.splunk.com/app/528/&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 21 May 2014 11:38:35 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173579#M34931</guid>
      <dc:creator>alacercogitatus</dc:creator>
      <dc:date>2014-05-21T11:38:35Z</dc:date>
    </item>
    <item>
      <title>Re: Trying to pull data from IPS using SDEE</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173580#M34932</link>
      <description>&lt;P&gt;If this answered your question, please accept it. Thanks!&lt;/P&gt;</description>
      <pubDate>Tue, 27 May 2014 13:54:51 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173580#M34932</guid>
      <dc:creator>alacercogitatus</dc:creator>
      <dc:date>2014-05-27T13:54:51Z</dc:date>
    </item>
    <item>
      <title>Re: Trying to pull data from IPS using SDEE</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173581#M34933</link>
      <description>&lt;P&gt;You can use the app mentioned by alacercogiltatus.  Take note that the app only works for Splunk version 5 and below.  So, if you have Splunk 6, this app will not work out of the box.  You can use a Splunk 5.x Heavy Forwarder to get information from your IPS and then forward to a Splunk 6 indexer.  Or, this thread has a potential workaround for you as well to use IPS with Splunk 6 -&amp;gt; &lt;A href="http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8?page=1&amp;amp;focusedAnswerId=135759#135759"&gt;http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8?page=1&amp;amp;focusedAnswerId=135759#135759&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 27 May 2014 14:51:17 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Trying-to-pull-data-from-IPS-using-SDEE/m-p/173581#M34933</guid>
      <dc:creator>jconger</dc:creator>
      <dc:date>2014-05-27T14:51:17Z</dc:date>
    </item>
  </channel>
</rss>

