Hi,
I didn't found the answer. I got splunk 5.0.1 and it worked good!
Since I've installed four apps :
-TA-cisco_asa
-Splunk_for_CiscoASA
-maps
-sideview_utils
I restart splunk , I added data syslog with UDP port 514 and I see a yellow bar with :
"received event for unconfigured/disabled/deleted index='firewall' with source='source::udp:514' host='host::192.X.X.X' sourcetype='sourcetype::cisco:asa' (1 missing total)"
And in my splunkd.log we can see :
"DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event (Wed Jan 23 11:29:58 2013). Context: source::514|host::192.X.X.X|syslog|"
Would I have missed a conf ?
Thanks to help me !
... View more