I'm receiving logs from a Barracuda Web Security Gateway into Splunk.
I've created a field extraction rule inline, getting the fields to extract to match the fields of the CIM data-model for web proxy.
Some of the fields, like "cached", "cookies", "bytes_in", etc., are not present in the Barracuda logs, so I was thinking I could just ignore them.
The Barracuda log structure can be found here: https://campus.barracuda.com/product/websecuritygateway/doc/6160435/syslog-and-the-barracuda-web-security-gateway/
After matching the most relevant fields, I went to Enterprise Security to see if I can have some information regarding ES.
When I go into Enterprise Security and check the data model web, I get some matches:
Am I doing this the right way?
There are not many videos teaching how to use ES. This is a clean Splunk install with just the Barracuda proxy logs and some event logs.
Can anyone put me on the right track? Thank you