Open diogofgm opened 6 years ago
Hi,
If you like, you can check this answer about handling CEF events with Splunk. Maybe it can save you some time. https://answers.splunk.com/answers/607697/cef-logs-parsing-for-enterprise-security.html
Regards, Istvan
Build extractions for CEF format