I have Splunk for Cisco Firewalls app v2.0 installed. It is generating some warning messages in the logs: WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='ciscosyslog-src_dom_addr_port_2'; WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='ciscosyslog-dst_dom_addr_port_2'; and WARN SearchOperator:kv - Invalid key-value parser, ignoring it, transform_name='product_static_IDS'. Are there any samples of stanzas (or example transforms.conf) for these transforms?
