Solved: Help with Juniper SRX App - sourcetype=srx_traffi...

mpegan · ‎07-24-2012

I loaded the app "Splunk for Juniper SRX". I'm running Splunk 4.3. I don't seen any data being popultaed into the app.

I can see the syslog data within the native seach app. When I click on the Juniper apps I get the following error.

The following messages were returned by the search subsystem:
DEBUG: base lispy: [ AND sourcetype::srx_traffic ]
DEBUG: search context: user="mpegan", app="SplunkforJuniperSRX", bs-pathname="/opt/splunk/etc"

I'm very new to Splunk and don't know how to troubleshoot this. Do I need to configure the sourcetype srx_traffic?

Any help is greatly appreciated. Thanks

MarioM · ‎07-24-2012

the sourcetype needs to be srx_log

There is a README in the apps folder SPLUNK_HOME/etc/apps/SplunkforJuniperSRX/

View solution in original post

pollo123 · ‎07-26-2012

it seems that I cannot get any data, im using splunk port 514 for udp

MarioM · ‎07-24-2012

the sourcetype needs to be srx_log

There is a README in the apps folder SPLUNK_HOME/etc/apps/SplunkforJuniperSRX/

mpegan · ‎07-24-2012

oh man!

That did it. Thanks so much. I was so looking forward to this app.

MarioM · ‎07-24-2012

I am glad it did! Please accept my answer for those who have same issue to know this is the answer.Thanks

Help with Juniper SRX App - sourcetype=srx_traffic

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

Help with Juniper SRX App - sourcetype=srx_traffic

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR