Visualize hidden Cisco Web Security Appliance (WSA) statistics, simplify troubleshooting, find performance issues. The most important system log for performance troubleshooting on Cisco WSA is a 'hidden' track_stats / prox_track log. It is not mentioned in official user guides. While it contains a lot of very helpful information, it cannot be configured, modified or pushed like other default log types, it must be retrieved using FTP/SCP. Cisco WSA Insight Splunk App provides visualisation of prox_track and System Health (shd) logs, assists with troubleshooting of performance issues and gives insights into OS metrics. It can be used for ad-hoc troubleshooting or for continuous monitoring of Cisco WSA. Read this Cisco presentation that mentions prox_trac log: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKSEC-3303.pdf There are 26 panels grouped in 10 views: Overview - Appliance overview Authentication - Auth Helper Service Time - Auth Helper Wait Time - Auth Methods + Auth Cache Client Latency - Client Time Connections - Max Client Connections possible: - Connection Errors and Retries - Client Connections - Server Connections DNS - DNS times - DNS Cache Server Latency - Server Transaction Time - Server Wait Time System Health - free compare - System Health System Health - CPU, Disk, RAM - Requests/sec - Bandwidth - Loads - Stats System - User/System time - Block Input/Output Operations - System - System 2 WBRS - WBRS Service Time - WBRS Wait Time About There is also a compare mode that allows you to view graphs of two or three hosts side by side for visual comparison.