Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Is there an example transforms for Splunk for Cisco Firewalls app?

awsdcuser
Explorer
‎05-07-2013 02:18 PM

I have Splunk for Cisco Firewalls app v2.0 installed. It is generating some warning messages in the logs: WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='ciscosyslog-src_dom_addr_port_2'; WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='ciscosyslog-dst_dom_addr_port_2'; and WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='product_static_IDS'. Are there any samples of stanzas (or example transforms.conf) for these transforms?

Reply
1 Solution
Solved! Jump to solution
Solution

agrant
Explorer
‎06-11-2013 02:01 AM

Looks like there is either two missing transforms in default/transforms.conf or the props.conf should be corrected not to call the two _2 transforms.

Namely: ciscosyslog-src_dom_addr_port_2, ciscosyslog-dst_dom_addr_port_2

Perhaps this was a copy/paste error by the developer. For now I'm going to simply remove the transform calls.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

agrant
Explorer
‎06-11-2013 02:01 AM

Looks like there is either two missing transforms in default/transforms.conf or the props.conf should be corrected not to call the two _2 transforms.

Namely: ciscosyslog-src_dom_addr_port_2, ciscosyslog-dst_dom_addr_port_2

Perhaps this was a copy/paste error by the developer. For now I'm going to simply remove the transform calls.

0 Karma
Reply
Solved! Jump to solution

awsdcuser
Explorer
‎06-11-2013 09:33 AM

Of the three transforms, I did manage to "fix" two of them while working on a solution for my environment for this problem: http://splunk-base.splunk.com/answers/8006/cisco-app-pix-inbound-vs-outbound. I have not revisited the other to see if I want to just remove the transform call or find/create a transform to use.

Thanks.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...