×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
BoxerguyT89
Loves-to-Learn Lots
Member since: ‎02-19-2024
‎03-26-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-19-2024
View All

Re: Barracuda Email Gateway Add-on Field Extractio...

by in Getting Data In
‎04-06-2024 01:54 PM
‎04-06-2024 01:54 PM
Hey thanks for the reply! Honestly, I forgot about this post or I would have updated it. It seems like the add-on is for a different version of the Barracuda Email Defense than we have. The Barracuda syslog documentation shows a log format that is different than what our cloud platform is sending, but does match what this add-on is looking for. I believe the add-on may be for a self-hosted or on-prem solution. I was able to parse our logs by a field extraction spath on the extracted JSON. Unfortunately, nothing in the logs easily indicates email directionality, so that's a pain. ... View more

Barracuda Email Gateway Add-on Field Extraction no...

by in Getting Data In
‎02-19-2024 01:26 PM
‎02-19-2024 01:26 PM
Hello all I hope this is the right forum, I am having some trouble with the Barracuda Email Security Gateway Add-on and field extraction. We have a Splunk Cloud subscription and I am using an Ubuntu server with rsyslog and a universal forwarder to send syslog data to our Splunk Cloud instance. I have the Barracuda Email Security Gateway Add-on installed in our Splunk Cloud. I have the data from our Barracuda Email Gateway system going into a folder called /var/log/syslog_barracuda.log. I have my inputs.conf file configured as follows: [monitor:///var/log/syslog_barracuda.log] disabled = 0 sourcetype = barracuda In our Splunk Cloud, I see the events, and they have the "barracuda" sourcetype as expected. The problem is, no field extraction is applied to these events. Is there something I am missing? The Add-on only shows to add the lines to the inputs.conf file. Any help would be appreciated, I am new to Splunk and trying to wrap my head around everything. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-26-2025 12:35 PM