I am trying to figure out which directory the Splunk Add-on for Cisco ESA is sending the data to Splunk, as noted in step 4: "Click Browse next to the File or Directory field."
http://docs.splunk.com/Documentation/AddOns/released/CiscoESA/Configureinputsonaforwarder
I can search against the data, but it is not indexing correctly. The source type is syslog. I tried searching within Splunk but cannot find where the logs are being stored.