Would be interested in this as well. I HAD it working but upgraded to v3.1.0 of the Splunk TA Add-on for Cisco ASA and that broke everything.
Hi, the key to understanding this is that the ASA add-on doesn't gather data, it models it. You need to configure Splunk to receive the data and set a sourcetype that tells the knowledge mapping in the add-on to apply.
If your devices are already configured to write logs into a syslog server, you can just monitor the directory. If you are starting from scratch, you can have the devices send syslog straight to Splunk by adding a network input.
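An inputs.conf that does what the answer above describes, added here as an example (it is not the poster's configuration and not from the add-on's own documentation): both the monitored-directory route and the direct network-input route, each tagged with cisco:asa, the sourcetype the add-on's knowledge objects match on. The file paths, port numbers and index name are assumptions.

```ini
# Added example, not from the poster or the add-on. inputs.conf for the
# Splunk instance (or forwarder) that receives the ASA logs. The add-on
# only parses and CIM-maps events; these stanzas are what actually
# ingest them and assign the sourcetype its props/transforms key on.
# Paths, ports and index name below are assumptions for illustration.

# Option A: devices already log to a syslog server on this host.
# Monitor the directory the syslog daemon writes the ASA files into.
[monitor:///var/log/cisco/asa]
sourcetype = cisco:asa
index = network
# Pick up rotated files too, but skip compressed archives.
whitelist = \.log(\.\d+)?$
blacklist = \.gz$
disabled = 0

# Option B: starting from scratch, point the ASAs directly at Splunk.
# Without an explicit sourcetype Splunk assigns its own guess and the
# add-on's extractions, which match on cisco:asa, never apply.
[udp://514]
sourcetype = cisco:asa
index = network
# Store the sender's IP as host instead of resolving it, so a slow
# or missing reverse DNS entry does not stall ingestion.
connection_host = ip
disabled = 0

# TCP variant for devices configured for reliable syslog delivery.
[tcp://1514]
sourcetype = cisco:asa
index = network
connection_host = ip
disabled = 0
```

After restarting splunkd, a search for `index=network sourcetype=cisco:asa` should return events with the add-on's fields (for example `action`, `src`, `dest`) populated; if events arrive under a different sourcetype, the add-on's mappings are not being applied.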