harv-qq

Results 4 issues of harv-qq

Seems to always go into nix_os index since upgrade from 2.9.2 > 2.26.5

Original config:

splunk_metadata.csv
forcepoint_webprotect,index,forcepoint
forcepoint_webaccess,index,forcepoint
forcepoint_webaccess,sourcetype,websense:access
forcepoint_weberror,index,forcepoint
forcepoint_weberror,sourcetype,websense:error

vendor_product_by_source.csv
f_forcepoint_web_access,sc4s_vendor_product,"forcepoint_webaccess"
f_forcepoint_web_error,sc4s_vendor_product,"forcepoint_weberror"

vendor_product_by_source.conf
filter f_forcepoint_web_access{ match("wcgextended") }; filter...

faq candidate

Ours isn't being recognised using the out of the box send it to Splunk by the Forcepoint Content Gateways (configured via the FSM) % % vendor=Forcepoint product=Security product_version=% action=% severity=%...

![image](https://github.com/splunk/splunk-connect-for-syslog/assets/102733878/79788b89-6f6b-4dc3-b689-b5ba05282598) states ASA TA will sort FTD as well ![image](https://github.com/splunk/splunk-connect-for-syslog/assets/102733878/07426700-92be-42a8-a587-6a0908550920) states FTD will assign a sourcetype of cisco:ftd The Cisco ASA TA has no reference for any sourcetype apart from...

![image](https://github.com/user-attachments/assets/6c32eae0-0fbd-4b62-9eaa-59b557cdb9ef) The archived app https://splunkbase.splunk.com/app/1629/ only contains props for a source of [source::eStreamer], so this will not do anything for data ingested. It is also archived. Should this be updated...