Even though I collected some logs from network device, like Cisco switch and firewall. but how can I analyze them and extract fields?
Splunk only supply a source "Cisco:asa", but it can only identify less fields from network device logs. Shall I extract them manually or there's another plugins to solve this problem?
Hi @lllidan,
see in apps.splunk.com if there's a Technical Add-on for your device that gives you all the needed extractions: probably this is what you're searching https://splunkbase.splunk.com/app/1620/ .
I'm sure that you'll find what you need, but otherwise, you can use a regex for this extraction.
Ciao.
Giuseppe