All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

dont work Juniper SSG Firewall Log Analysis app

arabgol
New Member
‎12-01-2017 11:38 PM

hello ,
how i can add this app to splunk , when i add to splunk and copy extract file" Juniper SSG Firewall Log Analysis" to $splunk/etc/app , dont show to me any things in dashboard,
please help me

0 Karma
Reply

adigrio
Path Finder
‎12-02-2017 06:08 AM

As jkat54 mentioned, the Splunk Add-on for Juniper is required in order to create the Splunk parsers for Juniper logs. In addition to that, make sure that you run the setup for the Firegen for Juniper app (it should launch automatically when you use it first time). During the setup you have to specify or confirm the index used to collect the Juniper logs. For example, if you collect your logs through an index called "ssg", the setup page should look like this:

alt text

This setting configures the ssg_index macro used by the analyzer app. If the app still doesn't show any stats after you configure the index, make sure that indeed you do have log entries for the time interval that you are trying to analyze. Open a regular search box and just enter the index and the time interval. The search should return the Juniper entries. Confirm that the entries contain fields such as src, dst, action, service, dst_port, sent and rcvd:

alt text

If the fields are not present then it's possible that the Splunk Add-on for Juniper is not installed properly or the log entries are not in the format expected by the add-on. Post a screenshot with the extracted fields if that's the case so we can take a look.

Preview file
64 KB
Preview file
11 KB
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-02-2017 05:06 AM

The app requires the Splunk Add-On for Juniper (https://splunkbase.splunk.com/app/2847) in order to create the required sourcetypes.

Do you have the add on installed too?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...