All Apps and Add-ons

Cisco WSA sourcetype and logpath ?

teknet9
Path Finder

Hello Team,

I have installed Cisco WSA add on, receiving W3C syslogs from my WSA.
Trying to configure this app in Splunk as per:

http://docs.splunk.com/Documentation/AddOns/released/CiscoWSA/Configureinputsonforwarder

And documentation is not clear, what is "\filename" ? Could you please help me ?

I do also not understand where do i bind syslogs received from WSA to specific index/sourcetype/filename ?
How my splunk instance would know that specific syslog message has been received from WSA and should be processed by WSA application/dashboard ?

Thanks,

0 Karma
1 Solution

hunters_splunk
Splunk Employee
Splunk Employee

Hi teknet9,

In the following stanza, filename is the name of the log file you want to add as a monitor input.

[monitor://\filename]
sourcetype = cisco:wsa:w3c*

To capture syslog, you add TCP or UDP data inputs (rather than monitor file and directories) to configure Splunk to listen on a network port.

The add-on includes both index-time and search-time knowledge - field extractions, tags, field aliases, lookups ... - to enable Splunk to properly ingest, interpret, and present log data.

Hope this helps.
Best regards
Hunter

View solution in original post

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi teknet9,

In the following stanza, filename is the name of the log file you want to add as a monitor input.

[monitor://\filename]
sourcetype = cisco:wsa:w3c*

To capture syslog, you add TCP or UDP data inputs (rather than monitor file and directories) to configure Splunk to listen on a network port.

The add-on includes both index-time and search-time knowledge - field extractions, tags, field aliases, lookups ... - to enable Splunk to properly ingest, interpret, and present log data.

Hope this helps.
Best regards
Hunter

0 Karma
Get Updates on the Splunk Community!

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...