I'm not aware of updated versions. You may try with the syslog filter from the ASE solution, good chance that it works or that based on what is in the XML you can replicate in the current ClearPass version. As the documentation is very old, it may or may not work. You could reach out to Aruba TAC if you get stuck on the go; or work with Splunk support to see if they have updated documentation.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Mar 20, 2024 05:17 PM
From: ssb@umn.edu
Subject: Splunk app for ClearPass 3.3 missing "ClearPass Syslog Target and Export Filters.xml"
The document:
HPE_a00106533en_us_ClearPass Integration Guide for the Splunk Clearpass APP + HEC Extension
suggests on page 17 that an XML to load the syslog filters should be available in the bundle for the Splunk app, but it is not there. In addition, it specifies ASE solution 70 as another place to get it, but that solution appears to discuss only very old versions of ClearPass and appears not to have been updated since 9 years ago.
Where can I obtain the export filter definitions needed for v3.3 of the Splunk app for ClearPass?