topic Tip: Sample pfSense Logs Parsed Here in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267238#M51178 <P>Hi,</P> <P>I have parsed some pfSense logs. For anyone making an app, please go ahead and use this info.</P> <P>Cheers and use in good health.</P> <P>pfsense_dhcp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+(.*|\s)\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+(.*|\[\d+\]))\:\s(?P&lt;dhcp_type&gt;\w+)\s\w+\s(?P&lt;request_address&gt;\d+\.\d+\.\d+\.\d+)\s\w+\s(?P&lt;request_mac&gt;\w+\:\w+\:\w+\:\w+\:\w+\:\w+)\s|\((?P&lt;network&gt;(.*))\)\s\w+\s(?P&lt;interface&gt;\w+) </CODE></PRE> <P>pfsense_ipv4_icmp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;tos&gt;\d+x\d+)\,\,(?P&lt;ttl&gt;\d+)\,(?P&lt;id&gt;\d+)\,(?P&lt;offset&gt;\d+)\,(?P&lt;flags&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;icmp_type&gt;\w+)\,(?P&lt;icmp_id&gt;\d+)\,(?P&lt;icmp_sequence&gt;\d+) </CODE></PRE> <P>pfsense_ipv4_tcp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;tos&gt;\d+x\d+)\,\,(?P&lt;ttl&gt;\d+)\,(?P&lt;id&gt;\d+)\,(?P&lt;offset&gt;\d+)\,(?P&lt;flags&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;source_port&gt;\d+)\,(?P&lt;destination_port&gt;\d+)\,(?P&lt;data_length&gt;\d+)\,(?P&lt;tcp_flag&gt;\w+)\,(?P&lt;sequence_number&gt;\d+)\,(?P&lt;ack_number&gt;.*|\d+)\,(?P&lt;tcp_window&gt;\d+)\,\,(?P&lt;tcp_options&gt;.*|\S+) </CODE></PRE> <P>pfsense_ipv4_udp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;tos&gt;\d+x\d+)\,\,(?P&lt;ttl&gt;\d+)\,(?P&lt;id&gt;\d+)\,(?P&lt;offset&gt;\d+)\,(?P&lt;flags&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;source_port&gt;\d+)\,(?P&lt;destination_port&gt;\d+)\,(?P&lt;data_length&gt;\d+) </CODE></PRE> <P>pfsense_ipv6_icmpv6</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;class&gt;\d+x\d+)\,(?P&lt;flow_label&gt;\w+)\,(?P&lt;hop_limit&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])))\,(?P&lt;destination_address&gt;(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])))\, </CODE></PRE> <P>pfsense_nginx</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+(.*|\s)\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;fqdn&gt;\w+\.\w+\.\w+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;remote_address&gt;\d+\.\d+\.\d+\.\d+)\s\-\s\-\s\[\S+\s\-\d+\]\s\"(?P&lt;request&gt;.*)\"\s(?P&lt;status&gt;\d+)\s(?P&lt;body_bytes_sent&gt;\d+)\s\"(?P&lt;http_referrer&gt;\S+)\"\s\"(?P&lt;http_user_agent&gt;.*)\" </CODE></PRE> <P>pfsense_snort</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+(.*|\s)\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)(.*)\:\s\[(?P&lt;GID&gt;\d+)\:(?P&lt;SID&gt;\d+)\:(?P&lt;rev&gt;\d+)\]\s(?P&lt;description&gt;.*)\s\[Classification:\s(?P&lt;classification&gt;.*)\]\s\[Priority:\s(?P&lt;priority&gt;\d+)\]\s\{(?P&lt;protocol&gt;\w+)\}\s(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\:(?P&lt;source_port&gt;\d+)\s\-\&gt;\s(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\:(?P&lt;destination_port&gt;\d+) </CODE></PRE> Tue, 29 Sep 2020 12:39:01 GMT arizvi801 2020-09-29T12:39:01Z Tip: Sample pfSense Logs Parsed Here https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267238#M51178 <P>Hi,</P> <P>I have parsed some pfSense logs. For anyone making an app, please go ahead and use this info.</P> <P>Cheers and use in good health.</P> <P>pfsense_dhcp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+(.*|\s)\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+(.*|\[\d+\]))\:\s(?P&lt;dhcp_type&gt;\w+)\s\w+\s(?P&lt;request_address&gt;\d+\.\d+\.\d+\.\d+)\s\w+\s(?P&lt;request_mac&gt;\w+\:\w+\:\w+\:\w+\:\w+\:\w+)\s|\((?P&lt;network&gt;(.*))\)\s\w+\s(?P&lt;interface&gt;\w+) </CODE></PRE> <P>pfsense_ipv4_icmp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;tos&gt;\d+x\d+)\,\,(?P&lt;ttl&gt;\d+)\,(?P&lt;id&gt;\d+)\,(?P&lt;offset&gt;\d+)\,(?P&lt;flags&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;icmp_type&gt;\w+)\,(?P&lt;icmp_id&gt;\d+)\,(?P&lt;icmp_sequence&gt;\d+) </CODE></PRE> <P>pfsense_ipv4_tcp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;tos&gt;\d+x\d+)\,\,(?P&lt;ttl&gt;\d+)\,(?P&lt;id&gt;\d+)\,(?P&lt;offset&gt;\d+)\,(?P&lt;flags&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;source_port&gt;\d+)\,(?P&lt;destination_port&gt;\d+)\,(?P&lt;data_length&gt;\d+)\,(?P&lt;tcp_flag&gt;\w+)\,(?P&lt;sequence_number&gt;\d+)\,(?P&lt;ack_number&gt;.*|\d+)\,(?P&lt;tcp_window&gt;\d+)\,\,(?P&lt;tcp_options&gt;.*|\S+) </CODE></PRE> <P>pfsense_ipv4_udp</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;tos&gt;\d+x\d+)\,\,(?P&lt;ttl&gt;\d+)\,(?P&lt;id&gt;\d+)\,(?P&lt;offset&gt;\d+)\,(?P&lt;flags&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\,(?P&lt;source_port&gt;\d+)\,(?P&lt;destination_port&gt;\d+)\,(?P&lt;data_length&gt;\d+) </CODE></PRE> <P>pfsense_ipv6_icmpv6</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+.*|\s\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;rule_number&gt;.*|\d+)\,(?P&lt;sub_rule_number&gt;.*|\d+)\,(?P&lt;anchor&gt;.*|\w+)\,(?P&lt;tracker&gt;\d+)\,(?P&lt;real_interface&gt;\w+)\,(?P&lt;reason&gt;\w+)\,(?P&lt;action&gt;\w+)\,(?P&lt;direction&gt;\w+)\,(?P&lt;ip_version&gt;\d)\,(?P&lt;class&gt;\d+x\d+)\,(?P&lt;flow_label&gt;\w+)\,(?P&lt;hop_limit&gt;\d+)\,(?P&lt;protocol_text&gt;\w+)\,(?P&lt;protocol_id&gt;\d+)\,(?P&lt;length&gt;\d+)\,(?P&lt;source_address&gt;(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])))\,(?P&lt;destination_address&gt;(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])))\, </CODE></PRE> <P>pfsense_nginx</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+(.*|\s)\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;fqdn&gt;\w+\.\w+\.\w+)\s(?P&lt;logtype&gt;\w+)\:\s(?P&lt;remote_address&gt;\d+\.\d+\.\d+\.\d+)\s\-\s\-\s\[\S+\s\-\d+\]\s\"(?P&lt;request&gt;.*)\"\s(?P&lt;status&gt;\d+)\s(?P&lt;body_bytes_sent&gt;\d+)\s\"(?P&lt;http_referrer&gt;\S+)\"\s\"(?P&lt;http_user_agent&gt;.*)\" </CODE></PRE> <P>pfsense_snort</P> <PRE><CODE>(?P&lt;host&gt;\d+\.\d+\.\d+\.\d+)\s(?P&lt;timestamp&gt;\S+(.*|\s)\s\d+\s\d+\:\d+\:\d+)\s(?P&lt;logtype&gt;\w+)(.*)\:\s\[(?P&lt;GID&gt;\d+)\:(?P&lt;SID&gt;\d+)\:(?P&lt;rev&gt;\d+)\]\s(?P&lt;description&gt;.*)\s\[Classification:\s(?P&lt;classification&gt;.*)\]\s\[Priority:\s(?P&lt;priority&gt;\d+)\]\s\{(?P&lt;protocol&gt;\w+)\}\s(?P&lt;source_address&gt;\d+\.\d+\.\d+\.\d+)\:(?P&lt;source_port&gt;\d+)\s\-\&gt;\s(?P&lt;destination_address&gt;\d+\.\d+\.\d+\.\d+)\:(?P&lt;destination_port&gt;\d+) </CODE></PRE> Tue, 29 Sep 2020 12:39:01 GMT https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267238#M51178 arizvi801 2020-09-29T12:39:01Z Re: Tip: Sample pfSense Logs Parsed Here https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267239#M51179 <P>Hi @arizvi801 - Thank you so much for sharing your pfsense parsing. It would be great if you could put your code in an Answer below that can be accepted. That way other users will know this post is resolved and it can be easily found as a reference <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Thanks!</P> <P>I've slighted edited your post to make it easier to read all the code. You can click the gear icon to the right of the title and click "Edit" where you can copy and paste all the code into an Answer below.</P> Wed, 01 Feb 2017 18:24:20 GMT https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267239#M51179 aaraneta_splunk 2017-02-01T18:24:20Z Re: Tip: Sample pfSense Logs Parsed Here https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267240#M51180 <P>Resolved in Question.</P> Mon, 23 Apr 2018 17:24:20 GMT https://community.splunk.com/t5/Getting-Data-In/Tip-Sample-pfSense-Logs-Parsed-Here/m-p/267240#M51180 arizviherjavec 2018-04-23T17:24:20Z