Cisco Cisco Web Security Appliance S670 Installation Guide
1-8
Cisco Web Security Appliance Advanced Reporting Installation, Setup, and User Guide
Chapter 1 Installation and Setup
Set Up Ongoing Data Transfers
d.
Verify that the Earliest event and Latest event columns display reasonable dates.
Step 6
If the historical data import was run under a Splunk evaluation license, install the Enterprise default
license downloaded for the account and remove any non-Production licenses.
license downloaded for the account and remove any non-Production licenses.
What to Do Next
•
(Optional) Customize the Summary Script
Step 1
Open the summary script for editing:
•
Linux: $SPLUNK_HOME/etc/apps/CiscoWSA/bin/summary.sh
•
Windows: X:\$SPLUNK_HOME\etc\apps\CiscoWSA\bin\summary.vbs
Step 2
Search for this string:
time $Spath/bin/splunk cmd python $Spath/bin/fill_summary_index.py -app
SplunkforCiscoIronportWSA -namefile
$Spath/etc/apps/SplunkforCiscoIronportWSA/bin/summary.jobs -et -90d -lt now -j 8 -dedup true
SplunkforCiscoIronportWSA -namefile
$Spath/etc/apps/SplunkforCiscoIronportWSA/bin/summary.jobs -et -90d -lt now -j 8 -dedup true
Step 3
Customize the start and end dates and the number of cores used by the summary script:
Set Up Ongoing Data Transfers
Configure Data Inputs in Splunk
Before You Begin
•
•
Know the path to your log files:
•
Open Splunk Web.
Step 1
In Splunk Web:
•
Splunk version 6.1.4: Select Settings > Data Inputs > Files and Directories.
Setting
Default
Description
-et
-90d
Start day. Number of historical days at which to begin summarizing. The
default value of -90d begins at 90 days prior to the current day.
default value of -90d begins at 90 days prior to the current day.
-lt
now
End day. Number of historical days at which to stop summarizing. The default
value of now stops with the current day. A default of -1d would stop with
yesterday’s data.
value of now stops with the current day. A default of -1d would stop with
yesterday’s data.
-j
8
Number of cores to be used by the summary script.