All Apps and Add-ons

After installing Cisco Security Suite and Splunk Add-on for Cisco ASA, why do I see warnings about eventtype=cisco-esa?

yannK
Splunk Employee
Splunk Employee

I installed the Cisco Security Suite app with the Splunk Add-on for Cisco ASA,and did the setup, but why do I see warnings about eventtype definitions for eventtype=cisco-esa?

0 Karma
1 Solution

yannK
Splunk Employee
Splunk Employee

We noticed an error when searching, relative to an eventtype from the
cisco ESA app, it may be because the addon "Splunk Add-on for Cisco ESA"
is not installed.

Solutions :
- install the add-on ESA, even if you do not any ESA logs
- or simply update the eventtype "cisco-esa" and remove the 3 eventtypes
missing.
(eventtype="cisco_esa_authentication" OR eventtype="cisco_esa_email" OR
eventtype="cisco_esa_proxy") see

View solution in original post

yannK
Splunk Employee
Splunk Employee

We noticed an error when searching, relative to an eventtype from the
cisco ESA app, it may be because the addon "Splunk Add-on for Cisco ESA"
is not installed.

Solutions :
- install the add-on ESA, even if you do not any ESA logs
- or simply update the eventtype "cisco-esa" and remove the 3 eventtypes
missing.
(eventtype="cisco_esa_authentication" OR eventtype="cisco_esa_email" OR
eventtype="cisco_esa_proxy") see

View solution in original post

Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!