Need to create an ASA VPN user report

dgodfrey
New Member

Hi all -

I've sort of gotten myself into a bind here.... One of my clients was looking for a way to report on VPN usage, with as little cost to them as possible. I discovered Splunk's free license with the Cisco Security Suite / Firewall app and love the information it is giving me, but I am the most basic of users (I've figured out how to add the "UserID" field, click on it, and see pages of SYSLOG data showing me what users connected/disconnected; I've even learned that if I type "%ASA-5-713259" into the search bar, I can see all of my VPN disconnects - COOL!). Now, for my problem... I need to get that information into a printable report with headings and detail, and I've got no idea how to do it... This whole world of "rex's" and "field extractions" and "events" has me overwhelmed... Is there any sort of tutorial on how to do this? Please forgive my ignorance...
