All Apps and Add-ons

Splunk Add-on for Juniper 1.3.0 - deprecated sourcetype juniper:sslvpn

pc1234
Engager

Splunk Add-on for Juniper 1.3.0 version 1.3 release notes indicate that the sourcetype juniper:sslvpn is deprecated.
version 1.3.0 still supports this sourcetype. Will events associated with this sourcetype be re-mapped to another sourcetype in the next version after 1.3.0 ? Do I need to take any action when upgrading from version 1.2.0 to 1.3.0?

Any assistance is appreciated.

0 Karma

jshah24
Explorer

By deprecation of juniper:sslvpn sourcetype, it means that it is no longer supported and there won't be any enhancement/fixes to that sourcetype. The add-on still has this sourcetype for the backward compatibility only. So, no additional action required in order to upgrade to 1.3.0.

0 Karma

zrxcrasher
Loves-to-Learn Lots

When a sourcetype is depreciated, is there somewhere I can look to understand why this action was taken.  We currently make use of that sourcetype in the Splunk Add-on for Juniper v1.2.0.  In doing some testing in our Splunk Dev environment, I found out the hard way that this was the case, as nothing parsed after that upgrade.

What are customers to use, what that data and parsing is still needed?

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...