Does anyone know the command or search string to see which Cisco firewalls are sending traffic to Splunk?
This depends on how they send data to splunk. Is it via UDP?
Something like this should work in most cases:
index=indexName |dedup host | table host
index=indexName |dedup source | table source