All Apps and Add-ons

Missing events for PAVO Network Traffic App

saharira
Engager

Hi,
I install PAVO Network Traffic App for Splunk for splunk enterprise 8.0 (60 day trial), but I does not see any data on dashboard.
I'm just start splunk 2 weeks ago.
I already installed Splunk Common Information Model. I'm already monitor syslog windows 10 and linuxMint VM's (by using respective forwarder)
Please, could you help ?

What is the correct SPL in order to check data?
On which index, PAVO Network Traffic App expected data?

Many thanks in advance for your help.
Samir

1 Solution

aplura_llc_supp
Path Finder

There could be two reasons for this happening. Please check both items to make sure everything is configured properly.

  1. Make sure the index where your data resides is specified in the "cim_Network_Traffic_indexes" macro.
  2. This app uses accelerated data so you will want to make sure the Network Traffic data model is accelerated.

You can verify data by running this search

| tstats count from datamodel=Network_Traffic where index=* by sourcetype

or

| datamodel Network_Traffic flat

The first command checks the acceleration and the 2nd command shows the events in the data model.

View solution in original post

0 Karma

HakobA
Explorer

@saharira were you able to fix the issue? I am having the same problem! 

0 Karma

aplura_llc_supp
Path Finder

There could be two reasons for this happening. Please check both items to make sure everything is configured properly.

  1. Make sure the index where your data resides is specified in the "cim_Network_Traffic_indexes" macro.
  2. This app uses accelerated data so you will want to make sure the Network Traffic data model is accelerated.

You can verify data by running this search

| tstats count from datamodel=Network_Traffic where index=* by sourcetype

or

| datamodel Network_Traffic flat

The first command checks the acceleration and the 2nd command shows the events in the data model.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...