This question is for users that have Check Point firewalls deployed within their enterprise.
When creating firewall objects to add to an ACL group - Splunk seems to ingest logs and post the object name and no longer the IP address when I'm specifically asking for the IP address.
Example - Host Object is bankofamerica - IP address 108.x.x.x.
Splunk displays the dest_ip as bankofamerica instead of the IP address.
Before creating the object bankofamerica - the IP address would show.
On top of that - I'm also sporadically getting strings that look like this "Vaae9cde7-d091-4fb2-ae2a-a2e4d6a6ac32" for some source and destination IP fields.
This only started happening when I started creating firewall objects.
Has anyone else seen issues similar to this? It's extremely frustrating.