All Apps and Add-ons

No data input from Nexpose

dingdj
Explorer

After installing this new TA and setting up inputs.conf, no data were pulled from Nexpose database and there were no errors in the log file ( TA-rapid7_nexpose.log) either. Same userid and password was used for the previous version of Rapid 7 app without issues. It seems that the local inputs.conf was ignored. I wish there are more information in the log file to show the activities and a debug flag to get more information from the app.

Thanks

-DJ

splk
Communicator

Caution:
You have to completely remove the Rapid7 App (also from the file system). The Add-On will not work correctly if you have the App and the Add-On installed!

0 Karma

dingdj
Explorer

This version (v1.1.2) worked under both Splunk v6.5.1 and v6.5.2. It is compatible with Splunk ES. Good job!

0 Karma

andrewr7
New Member

DJ,

One more thing, which version of Splunk are you using? Currently, the integration does not work with Splunk 6.4 or higher. Our team is currently working on the integration to work with 6.4 or higher but I do not have an timeframe for you right now.

Andrew W.
Rapid7,Hello DJ,

My name is Andrew and I am one of the support managers here at Rapid7. We are more than happy to help with this, have you tried opening a support request for this issue? If not, you can email support@rapid7.com and one of our support engineers will be able to look into this for you and assist in any way that we can.

Andrew W.
Rapid7

0 Karma

kmanson
Path Finder

Say What? The app page says it supports Splunk 6.5 is that not true?
https://splunkbase.splunk.com/app/3457/

0 Karma

andrewr7
New Member

@kmanson, you are correct, the new integration does indeed support Splunk 6.5. You will need to go download the new integration and use that. The new integration is only a few weeks old.

0 Karma

dingdj
Explorer

Hi Andrew,

You answered my question. We are running Splunk v6.5.1 enterprise edition on Redhat Linux v7.3. Hopefully your app will be updated soon to support latest version of Splunk.

Thanks

-DJ

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!