I am very new to Splunk so please let me know if you need more information or if I am not specific enough.
I am trying to use Splunk with the "App for McAfee Web Gateway". There is not really much documentation, so I guess the installation instructions are obvious if you know Splunk well, but I don't...
The App seems fine, and I imported the "MWGaccesslog_for_Splunk.xml" into the Web Gateway. Log file is being written locally on the web gateway.
To test the app, I copied it to the Splunk server.
Now when I want to add a data input through Settings -> Data inputs -> Files & Directories, I can select the file and the preview looks valid.
But when I want to select the source type "MWGaccesslog" it is not available from the list (there is only access_combined, apache_error, iis, ...).
I tried to "Start a new source type" using the name "MWGaccesslog", but then Splunk says that this source already exists.
So why can't I select it from the list?
The installed version is Splunk free 6.0.1 on Debian 7.