1)
Did you configure the OPSEC LEA object in your CheckPoint manager?
You then need to establish a session with a one-time password between your manager and your HF.
It's all here: http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Setup
2)
No I did not make any changes on the indexer as the parsing provided by the app was good enough.
If you can't see any logs flowing take a look at the troubleshooting section first: http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Troubleshoot
If that doesn't help, raise a new question with the specific details of your problem as you will get a much wider audience that way. Please keep in mind this post was referred to version 3 and not 4 of the OPSEC LEA app.
Thanks,
J
... View more