I've just installed the Splunk Add-on for Cisco ESA and looking to have the correct sourcetypes and field extractions. Am I simply appending my `C:\Program Files\Splunk\etc\system\local\` props and transforms with what is contained in the `C:\Program Files\Splunk\etc\apps\Splunk_TA_cisco-esa\default` props and transforms files?
↧