I have the Splunk for Cisco Firewalls Addon installed, and I'm trying to get data into it. The Readme has this line in it for configuring the data inputs. (I'm using version 2.0)
"Click Manager > Apps > Cisco Firewalls > "Set up"
However, when I go there, I do not see a "Set up" option at all. These are the only options that I see:
Global | Permissions Enabled Launch app | Edit properties | View objects | View details on Splunkbase
I'm assuming that the install docs are just out of date, but I also tried doing it manually by creating inputs.conf and using the following:
[udp://2550] disabled = false
I restarted Splunk after making that change but I am not getting any data. I have been using that port before installing the Addon and I can verify that log data is still coming into it - Splunk just isn't getting it.
What am I missing? Any insight would be appreciated. Thanks!
