Splunk Add-on for Juniper 1.3.0 - deprecated sourc...

pc1234 · ‎04-01-2020

Splunk Add-on for Juniper 1.3.0 version 1.3 release notes indicate that the sourcetype juniper:sslvpn is deprecated.
version 1.3.0 still supports this sourcetype. Will events associated with this sourcetype be re-mapped to another sourcetype in the next version after 1.3.0 ? Do I need to take any action when upgrading from version 1.2.0 to 1.3.0?

Any assistance is appreciated.

jshah24 · ‎04-02-2020

By deprecation of juniper:sslvpn sourcetype, it means that it is no longer supported and there won't be any enhancement/fixes to that sourcetype. The add-on still has this sourcetype for the backward compatibility only. So, no additional action required in order to upgrade to 1.3.0.

zrxcrasher · ‎11-13-2020

When a sourcetype is depreciated, is there somewhere I can look to understand why this action was taken. We currently make use of that sourcetype in the Splunk Add-on for Juniper v1.2.0. In doing some testing in our Splunk Dev environment, I found out the hard way that this was the case, as nothing parsed after that upgrade.

What are customers to use, what that data and parsing is still needed?

Splunk Add-on for Juniper 1.3.0 - deprecated sourcetype juniper:sslvpn

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...