Hi all -
I've sort of gotten myself into a bind here.... One of my clients was looking for a way to report on VPN usage, with as little cost to them as possible. I discovered Splunk's free license with the Cisco Security Suite / Firewall app and love the information it is giving me, but I am the most basic of users (I've figured out how to add the "UserID" field, click on it, and see pages of SYSLOG data showing me what users connected/disconnected, I've even learned that if I type "%ASA-5-713259" into the search bar, I can see all of my VPN disconnects - COOL!) Now, for my problem... I need to get that information into a printable report with headings and detail.. and I've got no idea how to do it... This whole world of "rex's" and "field extractions" and "events" has me overwhelmed... is there any sort of tutorial on how to do this.. please forgive my ignorance...
This is a great tutorial:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
You can also download a copy of this free book:
http://www.splunk.com/goto/book
Here is more info about the Interactive Field Extractor (IFX):
http://docs.splunk.com/Documentation/Splunk/6.0.1/Knowledge/ExtractfieldsinteractivelywithIFX