Can any one tell how we can identify the symantec EP old av logs and will be there any source to pull these logs ?
Start with the app:
https://splunkbase.splunk.com/app/2772/