This app provides CIM-compliant field extractions, event types and tags for Cisco ACS events. It does not include any dashboards or views.
This app contains index-time operations for timestamping, line breaking and host rewriting. These are commented out, however, and should be reviewed prior to use.
This TA expects a sourcetype of cisco:acs.
This TA can be installed by untarring it into the $SPLUNK_HOME/etc/apps directory, by uploading it via the web interface, or by using Deployment Server.
This TA was created and tested with the following versions of Cisco ACS:
- Versions 5.x
- Versions 4.x
Initial release
Made changes to event types (thanks to Vlad from Splunk!)
Updated field aliases to account for changes in field alias behavior in Splunk 7.2 (thanks to danverandy)
Added extractions for Port and Device_Port