I am building an index and would like to get some sample data, specifically Cisco Ironport Web data that contains user, URL and domain fields.
PRO TIP! Splunk-built TAs usually contain a sample directory! Gives you an idea of what we used to build the TAs!
Check out the Cisco WSA TA, it has a few goodies in there! Hopefully one fits your needs!
I appreciate your reply, but I had reviewed the logs on the OSSEC site and was not able to find the appropriate log that contained the fields needed.
You could try this: http://ossec-docs.readthedocs.io/en/latest/log_samples/