Help on splunk firegen aspps as it is not working...

nbnsplunk121820 · ‎12-18-2017

Help on splunk firegen aspps as it is not working or displaying datas in the dashboard,Need help because splunk firegen apps is not working with my asa 5520 for cisco asa

adigrio · ‎12-18-2017

Hi,

Can you confirm that you have the Splunk Add-on for Cisco ASA installed? This creates the sourcetype and the parsers that are needed to extract the required fields from the ASA logs. If this is installed correctly, the indexed events should indicate cisco:asa as sourcetype.

If the add-on for Cisco ASA is installed, the next step is to confirm that you do have entries in the associated index. When you launch the Firegen for Cisco ASA app for the first time, it will ask you to specify the index used for the ASA logs. Verify that the index used by the FIregen app is the one where the logs are (you can rerun the Setup from the Managed Apps page):

This sets the cisco_asa_index macro that is used by the FIregen app.

Please verify these two things and then let us know if it still doesn't work so we can troubleshoot it further.

Help on splunk firegen aspps as it is not working or displaying datas in the dashboard,not working with my asa 5520 in splunk firegen for cisco asa

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases