ASM Logging to Splunk Anomaly
The ASM logs we're sending to Splunk have random (Splunk-assigned?) field names. For example, violation_rating is named cn2 in Splunk, attack_type shows up as cs4, user_agent is called pm_fpua in Splunk, and so on.
Does anyone know if this is a Splunk issue or a logging profile issue?
The profile I inherited was configured with a logging format of Common Event Format (ArcSight), although we're talking to Splunk. I assumed changing it back to Key-Value Pairs (Splunk) might fix the issue, but it's still jacked up.
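
For reference when reading names like cn2 and cs4: CEF carries custom fields in numbered slots and puts the readable name in a companion key ending in `Label` (for example `cn2Label`). The following is an added example, not part of the original post and not F5 or Splunk code; the sample record, its vendor and product names and all values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample record (vendor, product, IDs and values are made up).
SAMPLE = (
    r"<134>Jan  1 00:00:00 waf.example.test "
    r"CEF:0|ExampleVendor|ExampleWAF|1.0|100|Example violation|5|"
    r"cs4=Cross Site Scripting (XSS) cs4Label=attack_type "
    r"cn2=3 cn2Label=violation_rating src=192.0.2.10 "
    r"request=GET /search?q\=test HTTP/1.1"
)

# An extension key: start of string or whitespace, a name, then an unescaped '='.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

def split_header(line):
    """Return (7 header fields, raw extension); tolerates a syslog prefix."""
    body = line[line.index("CEF:"):]
    parts = re.split(r"(?<!\\)\|", body, maxsplit=7)  # '\|' is an escaped pipe
    if len(parts) != 8:
        raise ValueError("incomplete CEF header")
    return [p.replace("\\|", "|") for p in parts[:7]], parts[7]

def parse_extension(ext):
    """Split 'k=v k2=v2' where values may contain spaces and escaped '='."""
    ext = ext.rstrip()
    keys = list(_KEY.finditer(ext))
    out = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        out[m.group(1)] = ext[m.end():end].replace("\\=", "=").replace("\\\\", "\\")
    return out

def resolve_labels(ext):
    """Rename each slot that has a '<slot>Label' companion; drop the label keys."""
    out = {}
    for key, val in ext.items():
        if key.endswith("Label") and key[: -len("Label")] in ext:
            continue
        out[ext.get(key + "Label", key)] = val
    return out

def cef_fields(line):
    header, raw = split_header(line)
    return header, resolve_labels(parse_extension(raw))

if __name__ == "__main__":
    for name, value in cef_fields(SAMPLE)[1].items():
        print(f"{name} = {value}")
```

Keys without a `Label` companion, such as `src` in the sample, pass through under their own names.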