Utilize the Symantec Web Security Service (WSS) App for Splunk.
Web Security Service
The Symantec WSS App for Splunk collects, normalizes, and visualizes real-time data retrieved through API calls. The App uses Splunk's Technology Add-on feature so that users can import their WSS access logs into Splunk.
Please refer to the WSS Splunk App page and the WSS Splunk App documentation for more details. You can also review the README.txt inside the .tar file for installation, configuration, troubleshooting, and log files.
Customers can also download WSS access logs using scripting or other SIEM applications. Please refer to the Near Real-Time Sync API documentation for assistance with proper implementation. For further troubleshooting, to test whether WSS is responding to API calls, use curl to test downloading a log from your WSS
Please note: Symantec Splunk Apps are freely downloadable and editable. As such, they are unsupported by Symantec and are provided to assist with Splunk integration efforts.
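The curl test mentioned above can be scripted so that the API credentials stay out of the process list and the response is checked rather than just saved. This is an added example, not code from Symantec or the Splunk App. The endpoint URL, the `X-APIUsername`/`X-APIPassword` headers, the query string and the ZIP response format are assumptions to confirm against the Near Real-Time Sync API documentation, and the function and variable names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: connectivity test for the WSS log download API using curl.
# ASSUMPTIONS (not stated on this page; confirm in the Sync API documentation):
# endpoint URL, header names, query parameters, ZIP archive as the success body.
WSS_SYNC_URL="${WSS_SYNC_URL:-https://portal.threatpulse.com/reportpod/logs/sync}"
WSS_SYNC_QUERY="${WSS_SYNC_QUERY:-startDate=0&endDate=0&token=none}"

# Map an HTTP status plus the downloaded file to a one-word verdict.
wss_classify() {
  local status="$1" file="$2" magic=""
  [ -s "$file" ] && magic="$(head -c 2 "$file")"
  case "$status" in
    000) echo "no-response" ;;   # curl reports 000 when no HTTP reply arrived
    200) if [ "$magic" = "PK" ]; then echo "ok"; else echo "not-an-archive"; fi ;;
    401|403) echo "credentials-rejected" ;;
    429) echo "rate-limited" ;;
    *) echo "unexpected-$status" ;;
  esac
}

# Emit a curl config so the API key never appears in argv or shell history.
# Values containing double quotes or backslashes would need escaping first.
wss_curl_config() {
  printf 'header = "X-APIUsername: %s"\n' "$1"
  printf 'header = "X-APIPassword: %s"\n' "$2"
}

# Perform one download attempt and print the verdict with the body size.
wss_sync_test() {
  local out status
  out="$(mktemp)" || return 1
  status="$(wss_curl_config "$WSS_API_USER" "$WSS_API_PASS" |
    curl --silent --show-error --max-time 120 --config - \
      --output "$out" --write-out '%{http_code}' \
      "${WSS_SYNC_URL}?${WSS_SYNC_QUERY}")" || status="${status:-000}"
  echo "HTTP $status -> $(wss_classify "$status" "$out") ($(wc -c <"$out") bytes)"
  rm -f "$out"
}

# Runs only when credentials are supplied through the environment.
if [ -n "${WSS_API_USER:-}" ] && [ -n "${WSS_API_PASS:-}" ]; then
  wss_sync_test
fi
```

A `not-an-archive` verdict on HTTP 200 usually means something other than the log service answered, such as a proxy block page or a login page.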