I am importing Cisco Ironport data into Splunk, field "subject" contains UTF-8 encoded data with jumbled characters. Is there a way to automatically decode the subject to a string format? Now, I am using Powershell and CyberChef application to decode manually.
Kindly let me know how to solve this issue.
I am using ESA TA that you mentioned, the normal string is parsed well. However, URL, Chinese, and not English characters are still displayed in base64 format. Now, I am wondering if Cisco Ironport has to have some configuration at their end to decode the characters before sending data into Splunk.
What do you think?
Looks like it's a known bug at Cisco Ironport.
Thank you for your input