I don't see any mention in the TA-sourcefire documentation that estreamer 5.4.0 is supported. Has anyone tested this? If so, can anyone confirm whether this does/doesn't work?
Many thanks!
The Cisco eStreamer for Splunk App has been tested on FireSIGHT version 5.4.1 and Splunk 6.2. You need this before you can leverage the TA. The TA should work fine but I don't yet have first hand feedback on it.