
McAfee App: MWGaccesslog not available as source type

sdahlmann
Explorer

Hi,

I am very new to Splunk so please let me know if you need more information or if I am not specific enough.

I am trying to use Splunk with the "App for McAfee Web Gateway". There is not really much documentation, so I guess the installation instructions are obvious if you know Splunk well, but I don't...

The App seems fine, and I imported the "MWGaccesslog_for_Splunk.xml" into the Web Gateway. Log file is being written locally on the web gateway.
To test the app, I copied it to the Splunk server.

Now when I want to add a data input through Settings -> Data inputs -> Files & Directories, I can select the file and the preview looks valid.
But when I want to select the source type "MWGaccesslog", it is not available from the list (there is only access_combined, apache_error, iis, ...).
I tried to "Start a new source type" using the name "MWGaccesslog", but then Splunk says that this source already exists.

So why can't I select it from the list?

The installed version is Splunk free 6.0.1 on Debian 7.

Thanks!

1 Solution

sdahlmann
Explorer

Ok, I found it, it is not in the list, I have to type it into the field after selecting manual...
My bad...

The data seems to be indexed, I can find it in the search and it says "sourcetype = MWGaccess".
So far so good... but nothing shows up in the App.
Any idea what I am missing?

Thanks


0 Karma

sdahlmann
Explorer

Yes it is - again, my bad.
I recreated the data input and now it works.

Now I'll just have to find a good way to get the log file to the Splunk server.

Thanks!

0 Karma

Ayn
Legend

Wasn't that supposed to be "MWGaccesslog"?

0 Karma