Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

cisco_ironport_web.log sample data needed

pbugeja
New Member
‎03-14-2017 02:22 PM

I am building an index and would like to get some sample data, specifically Cisco Ironport Web data that contains a user, URL and domain fields.

Tags (1)
0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎03-15-2017 07:31 PM

Hi pbugeja!

PRO TIP! : Splunk built TAs usually contain a sample directory! Gives you an idea what we used to build the TAs!

Check out the Cisco WSA TA, it has a few goodies in there! Hopefully one fits your needs!

https://splunkbase.splunk.com/app/1747/

alt text

- MattyMo
0 Karma
Reply

pbugeja
New Member
‎03-15-2017 05:41 AM

Hi Asimagu,

I appreciate your reply, but I had reviewed the logs on the OSSEC site and was not able to find the appropriate log that contained the fields needed.
/Paul

0 Karma
Reply

asimagu
Builder
‎03-15-2017 05:32 AM

you could try this: http://ossec-docs.readthedocs.io/en/latest/log_samples/

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...