Hi, I'm bringing SRX data into Splunk but the fields aren't getting extracted by the Juniper Add-On.
Can the Juniper Add-On parse SRX logs? And if so, what could be the issue? The logs are coming in, but it's not searchable since there are no field extractions.
I'd like some clarification on this as well. Does the TA select the correct source type for these events?
I have the same issue. I don't know what sourcetype should be set in the input file. The SRX is forwarding logs via syslog on UDP:514.