I saw that there's no CIM in the app description, so I thought it was not compliant.
After investigating a bit, I could see a few tags and eventtypes, but I don't see anything matched.
In the logs I receive there are a lot of fields that are not matched (here is the list of the possible fields I have).
source
sourcetype
app
app_proto
dest
dest_ip
fw_rule
http_response
rule
src
src_ip
url
user
time
index
linecount
splunk_server
I'm pretty sure that I should have a ton of other fields. Can you confirm that I should see more things?
Many thanks