All Apps and Add-ons

After installing Cisco Security Suite and Splunk Add-on for Cisco ASA, why do I see warnings about eventtype=cisco-esa?

yannK
Splunk Employee
Splunk Employee

I installed the Cisco Security Suite app with the Splunk Add-on for Cisco ASA,and did the setup, but why do I see warnings about eventtype definitions for eventtype=cisco-esa?

0 Karma
1 Solution

yannK
Splunk Employee
Splunk Employee

We noticed an error when searching, relative to an eventtype from the
cisco ESA app, it may be because the addon "Splunk Add-on for Cisco ESA"
is not installed.

Solutions :
- install the add-on ESA, even if you do not any ESA logs
- or simply update the eventtype "cisco-esa" and remove the 3 eventtypes
missing.
(eventtype="cisco_esa_authentication" OR eventtype="cisco_esa_email" OR
eventtype="cisco_esa_proxy") see

View solution in original post

yannK
Splunk Employee
Splunk Employee

We noticed an error when searching, relative to an eventtype from the
cisco ESA app, it may be because the addon "Splunk Add-on for Cisco ESA"
is not installed.

Solutions :
- install the add-on ESA, even if you do not any ESA logs
- or simply update the eventtype "cisco-esa" and remove the 3 eventtypes
missing.
(eventtype="cisco_esa_authentication" OR eventtype="cisco_esa_email" OR
eventtype="cisco_esa_proxy") see

Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...