ASM Logging to Splunk Anomaly

toneman
Altostratus

Hello,
The ASM logs we're sending to Splunk have random (Splunk assigned?) field names. For example, violation_rating is named cn2 in Splunk, attack_type shows up as cs4, user_agent is called pm_fpua in Splunk, and so on.
Does anyone know if this is a Splunk issue or a logging profile issue?
The profile I inherited was configured with a logging format of Common Event Format (ArcSight) although we're talking to Splunk. I assumed changing it back to Key-Value Pairs (Splunk) might fix the issue but it's still jacked up.
Thanks,
Tone

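For reference on what those names are: in CEF the device puts values into generic custom slots (cs1..cs6 for strings, cn1..cn3 for numbers) and a sibling key ending in `Label` (e.g. `cs4Label=attack_type`) carries the real field name, so a parser can rename the slots on ingest. The following is an added example, not code from the post or from F5/Splunk; the CEF record it parses is constructed, and the ASM field names in it are illustrative.

```python
import re
from typing import Dict

# Constructed CEF record in the shape described in the post: ASM fields travel
# in custom slots (cn2, cs4, ...) and the matching *Label keys name them.
# Every value below is invented for illustration.
SAMPLE_CEF = (
    "CEF:0|F5|ASM|16.1.0|Illegal meta character in value|"
    "Illegal meta character in value|5|"
    "act=blocked src=198.51.100.7 dvchost=waf1.example.test "
    "cn2=72 cn2Label=violation_rating "
    "cs4=Cross Site Scripting (XSS) cs4Label=attack_type "
    "cs1=/api/login cs1Label=uri "
    "requestClientApplication=curl/8.4.0"
)

_HEADER_SEP = re.compile(r"(?<!\\)\|")          # '|' unless escaped as '\|'
_EXT_SEP = re.compile(r" (?=[A-Za-z0-9_.]+=)")  # space that starts a new key=
_HEADER_NAMES = ["cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity"]


def parse_cef(line: str) -> Dict[str, str]:
    """Parse one CEF record into a flat dict, renaming csN/cnN slots to
    the names given by their *Label keys."""
    parts = _HEADER_SEP.split(line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    record = {n: p.replace("\\|", "|") for n, p in zip(_HEADER_NAMES, parts[:7])}
    record["cef_version"] = record["cef_version"][len("CEF:"):]

    # First pass: split the extension into raw key/value pairs, unescaping
    # the '\=' and '\\' sequences CEF uses inside values.
    raw: Dict[str, str] = {}
    for pair in _EXT_SEP.split(parts[7]):
        key, _, value = pair.partition("=")
        raw[key] = value.replace("\\=", "=").replace("\\\\", "\\")

    # Second pass: a key like cs4Label names the real field for cs4, so the
    # value is emitted under that name and the opaque slot name is dropped.
    for key, value in raw.items():
        if key.endswith("Label"):
            continue
        record[raw.get(key + "Label", key)] = value
    return record
```

Running a sample of the forwarded events through this before they reach the index is a quick way to tell whether the `*Label` keys are present in the stream at all, which decides whether the renaming can happen at ingest.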