Is there a command or search to see which unique Cisco firewalls are sending traffic to Splunk?

New Member

Does anyone know the command or search string to see which Cisco firewalls are sending traffic to Splunk?

0 Karma

SplunkTrust

This depends on how they send data to Splunk. Is it via UDP?

Something like this should work in most cases:

index=indexName | dedup host | table host
index=indexName | dedup source | table source

0 Karma
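
Added example, not part of the original answer: the same per-host listing built from index-time metadata with `tstats`, which also shows the event count for each firewall and how long it has been silent. `indexName` is the placeholder used in the answer above; the sourcetype `cisco:asa` is an assumption and should be replaced with whatever sourcetype your Cisco firewall data actually carries.

```spl
| tstats count AS events max(_time) AS last_seen
    WHERE index=indexName sourcetype=cisco:asa BY host
| eval hours_silent = round((now() - last_seen) / 3600, 1)
| convert ctime(last_seen)
| sort - hours_silent
```

Replace `host` with `source` in the `BY` clause to get the equivalent of the second search.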