Utilize the Symantec Web Security Service (WSS) App for Splunk.
The Symantec WSS App for Splunk is intended to collect, normalize, and visualize real-time data through API calls. The App uses Splunk's Technology Add-on feature so that users can import their WSS access logs into Splunk.
Customers can also download WSS access logs using scripting or other SIEM applications. Please refer to the Near Real-Time Sync API documentation for assistance with proper implementation. For further troubleshooting, if you need to perform a test to see if WSS is responding to API calls, please use curl to test downloading a log from your WSS
Please note: Symantec Splunk Apps are freely downloadable and editable. As such, they are unsupported by Symantec and are provided to assist with Splunk integration efforts.