Cisco Web Security Appliance S190 Installation Guide
Cisco Web Security Appliance Advanced Reporting Installation, Setup, and User Guide
Chapter 1 Installation and Setup
Import and Index Historical Data
(Optional) Estimate the Import Time
The historical summary can take up to 9 hours to complete.
Step 1
Allow 4 minutes per 5 million events (2GB of raw data) per summary job based upon the platform hardware recommendations.
Example: Expect a 10GB file representing 25 million historical events to take 20 minutes to run against each summary job.
Step 2
Allow for the 27 summary jobs used by Cisco Web Security Appliance Advanced Reporting.
Import and Index Historical Data
Before You Begin
• Complete configuration tasks listed in .
• Verify that field extractions are correct. See .
• Know the folder structure. See .
• (Optional) See .
Step 1
Copy the historical log files into the folder structure for log files.
Note: By default, these logs will be deleted after the data is indexed.
Step 2
From a command prompt, run the summary script:
Linux: $SPLUNK_HOME/etc/apps/CiscoWSA/bin/summary.sh
Windows: X:\$SPLUNK_HOME\etc\apps\CiscoWSA\bin\summary.vbs
Step 3
Navigate to the Splunk folder and enter the local Splunk administrator credentials when prompted.
Note: You may not see immediate results.
Step 4
In Splunk Web, log in as admin.
Step 5
Verify that data is being imported:
In Splunk 5.0.10:
a. Select App > Search.
b. Select Status > Index Activity > Index Activity Overview.
c. Look in the report for summary index growth.
In Splunk 6.1.4:
a. Go to the search app.
b. Select Settings > Indexes.
c. Scroll down to the summary row.
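Because the logs copied in Step 1 are deleted after indexing by default, one way to stage them is to copy rather than move, recording hashes of the originals first. This is an added example, not part of the Cisco guide; the directory arguments are hypothetical, and `estimate_minutes` applies the guide's 4-minutes-per-2GB and 27-job figures assuming 1 GB = 2^30 bytes.

```shell
#!/usr/bin/env bash
# Added example (not Cisco's code). All paths passed in are hypothetical; the
# destination stands in for the app's log folder structure.

# Hash every file under directory $1 into manifest file $2 (paths relative to $1).
# Keep the manifest outside both the source and the destination.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# Check the files under directory $1 against manifest $2; non-zero on any mismatch,
# on a missing file, or on an empty manifest.
verify_staged() {
    ( cd "$1" && sha256sum --quiet -c - ) < "$2"
}

# Copy (never move) the logs in $1 into $2, recording hashes in $3 first, so the
# originals survive the default delete-after-index behaviour.
stage_logs() {
    make_manifest "$1" "$3" || return 1
    mkdir -p "$2" || return 1
    cp -Rp "$1"/. "$2"/ || return 1
    verify_staged "$2" "$3"
}

# Minutes for all summary jobs, from the page's figures: 4 minutes per 2 GB of raw
# data per job, 27 jobs. Assumes 1 GB = 2^30 bytes. $1 is the total size in bytes.
estimate_minutes() {
    echo $(( $1 * 4 * 27 / (2 * 1024 * 1024 * 1024) ))
}

# Usage: stage.sh SRC_DIR DEST_DIR MANIFEST_FILE
if [ "$#" -eq 3 ]; then
    stage_logs "$1" "$2" "$3" && echo "staged and verified: $2"
fi
```

The manifest stays with the untouched originals, so the source logs can be re-verified later even after the staged copies have been indexed and deleted.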