I installed the Cisco Security Suite app with the Splunk Add-on for Cisco ASA, and did the setup, but why do I see warnings about eventtype definitions for eventtype=cisco-esa?
We noticed an error when searching, related to an eventtype from the
Cisco ESA app; it may be because the add-on "Splunk Add-on for Cisco ESA"
is not installed.
Solutions:
- install the ESA add-on, even if you do not have any ESA logs
- or simply update the eventtype "cisco-esa" and remove the 3 missing
eventtypes
(eventtype="cisco_esa_authentication" OR eventtype="cisco_esa_email" OR
eventtype="cisco_esa_proxy") see
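To find this kind of dangling reference before it surfaces as a search-time warning, the following added example (not code from the post or from either Splunk app) scans eventtypes.conf-style text for eventtypes that reference names no stanza defines. The sample configuration is constructed: only the three `cisco_esa_*` names come from the answer above, and the script assumes each `search =` value sits on a single line.

```python
import re

# Constructed sample, not the real app files: the "cisco-esa" search reuses the
# three eventtype names quoted in the answer; the second stanza is hypothetical.
SAMPLE_CONF = '''
[cisco-esa]
search = (eventtype="cisco_esa_authentication" OR eventtype="cisco_esa_email" OR eventtype="cisco_esa_proxy")

[cisco-asa-example]
search = sourcetype=cisco:asa
'''

STANZA = re.compile(r'^\[([^\]]+)\]\s*$')
REF = re.compile(r'\beventtype\s*=\s*"?([\w:.-]+)"?')


def parse_eventtypes(text):
    """Return {eventtype name: search string} from eventtypes.conf-style text."""
    defs, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = STANZA.match(line)
        if m:
            name = m.group(1)
            defs.setdefault(name, '')
        elif name and '=' in line and line.split('=', 1)[0].strip() == 'search':
            defs[name] = line.split('=', 1)[1].strip()
    return defs


def dangling_references(*conf_texts):
    """Map each eventtype to the eventtypes it references that no file defines."""
    defs = {}
    for text in conf_texts:
        defs.update(parse_eventtypes(text))
    report = {}
    for name, search in defs.items():
        missing = sorted(set(REF.findall(search)) - set(defs))
        if missing:
            report[name] = missing
    return report


if __name__ == '__main__':
    for name, missing in dangling_references(SAMPLE_CONF).items():
        print(f'{name}: undefined eventtypes {missing}')
```

Pass the contents of every app's `default` and `local` eventtypes.conf together, so that names defined by an installed add-on count as present.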