Splunk Search

Phish tank and Cisco ASA Logs


Hi Guys ,

I am trying to Pull full URL From cisco ASA Logs and feed it into Phishing Dashboard. I have two problems

  1. I manage to apply Regex on cisco ASA URL but output is converting / to %2

index = * 304001 | rex field=_raw "Accessed URL \d+.\d+.\d+.\d+:(?\w+://$)"

*out put is*

  1. how i will input that value in Phishing dashboard under Enter URL Field.

I would really appreciate Help


Try using the urldecode function in the eval command. Add this to your search:

| eval url=urldecode(url)
0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!