Hi,

I'm very new to Splunk, and struggling to find a way to filter a specific log which is consuming a large proportion of my license.

I have a Cisco ASA set up to send events to a Splunk UDP port as syslog. I've restricted the logs to what I want to see by using the built-in filter tools within the ASA.

From what I can see within the forum, there are lots of people asking how to filter based off Syslog ID, but I want to filter out based off Syslog ID 302013 and IP xxx.xxx.xxx.xxx, as I want to keep 302013 apart from anything containing that specific IP.

I don't even know where to start, but I know this can't be done from the Cisco device, so it has to be done on the Splunk server. Would really appreciate someone pointing me in the right direction.

Thanks,
Tim
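One way to do the filtering described in the post on the Splunk side, as an added example that is not part of the original post: an index-time transform that routes matching events to `nullQueue` so they are never indexed and do not count against the license. The sourcetype `cisco:asa`, the transform name `drop_asa_302013_for_ip`, and the address `192.0.2.10` (a placeholder for the poster's masked IP) are assumptions.

```ini
# ---- props.conf (on the Splunk instance that receives the UDP input) ----
# Assumption: the ASA events arrive with sourcetype cisco:asa.
# If they do not, use the stanza that matches your input instead,
# e.g. [source::udp:514] for a UDP input on port 514.
[cisco:asa]
TRANSFORMS-drop_noise = drop_asa_302013_for_ip

# ---- transforms.conf (same instance) ----
# Hypothetical transform name; 192.0.2.10 is a placeholder address.
# The regex needs BOTH conditions in one event:
#   1. the ASA message tag with ID 302013 (any severity digit)
#   2. the specific IP somewhere later in the same event
# The lookarounds stop 192.0.2.10 from also matching 192.0.2.100
# or 1192.0.2.10. All other 302013 events are indexed as usual.
[drop_asa_302013_for_ip]
REGEX = %ASA-\d-302013:.*(?<!\d)192\.0\.2\.10(?!\d)
DEST_KEY = queue
FORMAT = nullQueue

# Constructed sample events, to show what the regex does:
#
# Dropped (ID 302013 and the IP are both present):
#   %ASA-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.0.0.5/51515 (10.0.0.5/51515)
#
# Kept (ID 302013, different IP):
#   %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.5/51516 (10.0.0.5/51516)
#
# Kept (same IP, different message ID):
#   %ASA-6-302014: Teardown TCP connection 1001 for outside:192.0.2.10/443 to inside:10.0.0.5/51515 duration 0:00:05 bytes 4210 TCP FINs
```

These settings take effect at parse time, so they belong on the indexer or heavy forwarder that owns the UDP input, and Splunk needs a restart after the change. Events already indexed are not affected.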