Hi !
i have a juniper SA log file that i introduce in splunk.
but splunk does not extract the roles field and the realm field.
i installed splunk for juniper SA but this app doesn't create a specific index or a specific Sourctype that could be used for juniper SA log.
So i want to know how this app is used ? must i give a particular Sourcetype name for my juniper SA log ? or a specific index that could be recognize by this app ?
Thank you for help
i fixed it. In juniper sa apps, in props.conf , regex for role and realm were not exact. i just write the good regex,and it work out .....