I have installed Splunk for Symantec, have syslog data populating the index, source set to sep12:log but the application reports are empty. Any thoughts?
The app is being run as my account which has access to everything. Should note, we are still running on the free version.
Have a look at the permission of the index. Does the user allowed access the index ???
If not add the index to the role in which the user is in.
Access controls » Roles »
