Splunk TA For Cisco ASA - event_desc and lookups/event_codes.csv missing

Builder

Just upgraded to the Splunk TA for Cisco ASA (previously Cisco Firewall) and noticed that event_desc is missing because event_codes.csv doesn't exist and was never carried over. Any reason why this is the case?

Also the error_code field extraction is missing too.

Doesn't make any sense and I don't see it in the new Cisco Security Suite 3.0 either.

0 Karma

Splunk Employee

Following up on unanswered questions... The TA has a different knowledge structure than the old app did, and has grown in different ways as newer Splunk versions have become available. The docs describing its current incarnation are here: http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/Description If you have dashboards or alerts built on older names, you may be able to fieldalias those.

0 Karma