Splunk Search

Need to create a ASA VPN user report

dgodfrey
New Member

Hi all -

I've sort of gotten myself into a bind here.... One of my clients was looking for a way to report on VPN usage, with as little cost to them as possible. I discovered Splunk's free license with the Cisco Security Suite / Firewall app and love the information it is giving me, but I am the most basic of users (i've figured out how to add the "UserID" field, click on it, and see pages of SYSLOG data showing me what users connected/disconneted, I've even learned that if I type "%ASA-5-713259" into the search bar, I can see all of my VPN disconnects - COOL!) Now, for my problem... I need to get that information into a printable report with headings and detail.. and I've got know idea how to do it... This whole world of "rex's" and "field extractions" and "events" has me overwhelmed... is there any sort of tutorial on how to do this.. please forgive my ignorance...

0 Karma

Adrian
Path Finder
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...