I would like to identify data ex filtration through my Cisco ASA firewalls. Is this possible? Can you provide a sample query?
I'd try experimenting with the Splunk Add-on for Cisco ASA (https://splunkbase.splunk.com/app/1620/) since it appears that one of the metrics that maps to the Common Information Model (CIM) is 'Network Traffic'.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/DataTypes
I don't currently have a Cisco ASA to test with, but this add-on may help to provide enough information to run a search against the network traffic fields such as 'bytes', 'bytes_in', or 'bytes_out'. Here is more information on the 'Network Traffic' data model for the Common Information Model.
http://docs.splunk.com/Documentation/CIM/4.3.1/User/NetworkTraffic