Cisco Security Suite visualization issue

Splunk Employee
Splunk Employee

Hello all,

I am collecting Cisco IronPort WSA events on Splunk 6.

The events got indexed at Splunk, and can be visualized via Search App.

However I am able not to visualize any data using from the Cisco Security Suite ( in conjunction with the Splunk_TA_cisco-wsa).

We have been trying different índex and sourcetype configurations but they don’t seem to be working.

Have you any of one of you have found similar problems in the past? Any standard índex and sourcetype specification recommended?



Tags (3)
0 Karma

Splunk Employee
Splunk Employee

Do you get results using the following search?


Also, did you copy the SA-cisco-wsa folder to $SPLUNK_HOME/etc/apps ?

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...