Updated to allow the extractions to properly work with variances in spacing that we were observing (which were causing none of the extractions to work). Sorry for the oversight.
Added extractions for the SRX CLOSE/CREATE/DENY messages that were cited by mbassettjr in the comments. Thanks for that... unfortunately we only recently implemented functionality to show messages in those formats, so we were unable to have that output to test against originally.
All 3 new ones SHOULD be working fine, but I noticed that we have an extra field in our DENY output logs vs mbassettjr's version in the comments. If your results seem off for those messages, take a look at his version below. The other two (CLOSE and CREATE) were implemented directly and work fine for us without modification.
Also, there are now field aliases in place for "policy_name" to "policy_id", "inbound_interface" to "src_zone" and "outbound_interface" to "dest_zone".