All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Ironport web appliance data source

fanningg
New Member
‎05-11-2012 03:19 AM

hi
i am trying to create a data input for my ironport wsa security appliance.
my log files are in the squid format.
i don't seem to have a sourcetype for squid do i need to create this?
thanks
gary

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎05-11-2012 03:41 AM

Did you use the Splunk for Cisco Ironport Web Security Appliance? Here is the link for the free download. It will have the data extractions, reports and dashboards for you and then you can configure from there to meet your exact needs.

http://splunk-base.splunk.com/apps/22302/splunk-for-cisco-ironport-web-security-appliance

Check this on the twiki for details on squid format specifically.

http://wiki.splunk.com/Set_up_Splunk_for_Cisco_IronPort_Web_Security_Appliance

0 Karma
Reply

fanningg
New Member
‎05-11-2012 07:47 AM

Thanks Dude, that worked a treat!

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎05-11-2012 06:23 AM

You can skip the data preview and set the sourcetype manually. Hit the 'More settings'check box, change the dropdown to manual and put in the cisco_wsa_squid sourcetype.

0 Karma
Reply

fanningg
New Member
‎05-11-2012 06:19 AM

hi
thanks for your reply
i have downloaded the app but when i go to create my data source it's not recognizing the log format.
when i go to apply an existing sourcetype, the cisco_wsa_squid sourcetype is not in the list.
if i go to create a new sourcetype and save as cisco_wsa_squid it says the sourcetype already exists.
gary

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...