All Apps and Add-ons

I have a question that do i need to update the threat list csv file manuly?

fish111
New Member

splash board shows nothing

WHEN I SEARCH index=summary "alienvault_dest_ip_count=*"
RETURN 01/13/2019 16:12:00 +0800, search_name="Obelisk - Populate Summary Index 1", search_now=1547381520.000, info_min_time=1547367120.000, info_max_time=1547381520.000, info_search_time=1547381521.487, alienvault_dest_ip_count=0

IS THERE SOMTHING got wrong?

Tags (1)
0 Karma

bwindham
Path Finder

I am trying to get this app going as well without success. I have the obelisk app on my Search Head Cluster and the Obelisk add-on on my Heavy Forwarder but I get the same as you.

01/18/2019 04:12:00 -0700, search_name="Obelisk - Populate Summary Index 1", search_now=1547824320.000, info_min_time=1547809920.000, info_max_time=1547824320.000, info_search_time=1547824323.274, alienvault_dest_ip_count=0
01/18/2019 00:12:00 -0700, search_name="Obelisk - Populate Summary Index 1", search_now=1547809920.000, info_min_time=1547795520.000, info_max_time=1547809920.000, info_search_time=1547809924.409, alienvault_dest_ip_count=0

The logs directory on HF show the scripts are working properly too.

0 Karma

bwindham
Path Finder

I was getting errors on the HF due to the addon. I had to modify inputs.conf for the monitored files to something like this: [monitor://c:\progra~1\splunk\etc\apps\TA_obelisk-threat\logs\obelisk_talos_intel*]

I kept getting syntax error and until I modified all of these monitored files with the above format did I get data coming into the indexer.
Now I must wait for the summary indexes to complete.

0 Karma

Crashfry
Path Finder

Any luck with getting everything working?

0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...