×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
david_monaghan
Engager
Member since: ‎01-19-2018
‎10-03-2025
Community Statistics
Posts 3
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎01-19-2018
Activity Feed
View All

Logs required for Splunk ES Content Update?

by in Splunk Enterprise Security
‎10-03-2025 03:44 AM
‎10-03-2025 03:44 AM
Hi Splunkers,   Is there a breakdown of logs required for Splunk ES Content updates?   I have created my own list already but hoping there is some resource where it is updated regularly?   Thanks,   ... View more
Labels

Cisco ESA Textmail Summary Index

by in Getting Data In
‎12-13-2024 08:36 AM
‎12-13-2024 08:36 AM
Hi All, I am trying to create summary index for Cisco ESA Textmail logs. I will then rebuild the Email data model using the summary index. The scheduled search is running correctly but when I try to search the summary index I get no events returned. How does one check that events are going into the summary index correctly? Steps Taken Created a new index called email_summary I have created a scheduled search to run every 15 minutes In the settings I have ticked 'Enable summary indexing' Saved Search   index=email sourcetype=cisco:esa:textmail | stats values(action) as action, values(dest) as dest, values(duration) as duration, values(file_name) as file_name, values(message_id) as message_id, values(recipient) as recipient, dc(recipient) as recipient_count, values(recipient_domain) as recipient_domain, values(src) as src, values(src_user) as src_user, values(src_user_domain) as src_user_domain, values(message_subject) as subject, values(tag) as tag, values(url) as url, values(user) AS user values(vendor_product) as vendor_product, values(vendor_action) as filter_action, values(reputation_score) as filter_score BY internal_message_id     Thanks, Dave ... View more

All WSA logs are being tagged as Attack and Malwar...

by in Splunk Enterprise Security
‎04-26-2019 09:44 AM
‎04-26-2019 09:44 AM
I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic. It seems the logs I am receiving have not got any AV scan information included and all such fields of the logs are marked as 'Unknown'. Any help on where to start debugging this problem would be appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-03-2025 03:16 AM
Karma given to
View All