Re: How to setup a report on all the firewalls rep...

plantiw · ‎08-06-2018

I am trying to create a report to just show what firewalls are reporting to Splunk.

plantiw · ‎08-06-2018

I am new to splunk and how do I use that

jdhunter · ‎08-06-2018

Type that in your search as is, you just need to know what index the firewall data is being written to and update the portion after index=

Once you get the syntax correct, you can create a report by clicking Save As > Report and schedule it to run daily, weekly, etc.

jdhunter · ‎08-06-2018

http://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/Metadata

| metadata type=hosts index=your_firewall_index

renjith_nair · ‎08-06-2018

Would you mind providing little more information ?
- What's present in your events regarding firewall? or How would you identify that the events are coming from firewall?
- Is the source field contain any information regarding the actual source of information?

---
What goes around comes around. If it helps, hit it with Karma 🙂

plantiw · ‎08-06-2018

8/6/18
9:15:30.000 AM

Aug 6 09:15:30 172.19.76.9 Aug 06 2018 09:15:30: %ASA-6-302016: Teardown UDP connection 1332069924 for DMZ-8:172.19.115.13/53 to Inside:172.19.32.15/58709 duration 0:00:00 bytes 108
host = 172.19.76.9 source = udp:1480 sourcetype = cisco:asa

How to setup a report on all the firewalls reporting to Splunk?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How to setup a report on all the firewalls reporting to Splunk?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!