Just upgraded to the Splunk TA for Cisco ASA (previous Cisco Firewall) and noticed that event_desc is missing because event_codes.csv doesn't exist and was never carried over. Any reason why this is the case?
Also the error_code field extraction is missing too.
Doesn't make any sense and I don't see it in the new Cisco Security Suite 3.0 either.
Following up on unanswered questions... The TA has a different knowledge structure than the old app did, and has grown in different ways as newer Splunk versions have become available. The docs describing its current incarnation are here: http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/Description If you have dashboards or alerts built on older names, you may be able to fieldalias those.