All Apps and Add-ons

Which Sourcetype for NGIPS?


The SplunkWorks-built TA called Splunk Add-on for Cisco FireSIGHT said in the description that it is able to parse NGIPS logs. But upon inspection of the `props.conf`, it doesn't have sourcetype for NGIPS. Which should I use? I tried the `cisco:sourcefire` but it's not working.

0 Karma


Thanks. It did not parse the fields of the logs. I ended up writing our own props for it.

0 Karma


I think it would be `[cisco:sourcefire:appliance:syslog]` 

Also, that TA is out of support.  Cisco has released a supported addon to replace it here:

Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...