After installing this new TA and setting up inputs.conf, no data were pulled from the Nexpose database and there were no errors in the log file (TA-rapid7_nexpose.log) either. The same userid and password were used for the previous version of the Rapid7 app without issues. It seems that the local inputs.conf was ignored. I wish there were more information in the log file to show the activities and a debug flag to get more information from the app.
One more thing: which version of Splunk are you using? Currently, the integration does not work with Splunk 6.4 or higher. Our team is currently working on the integration to work with 6.4 or higher, but I do not have a timeframe for you right now.
My name is Andrew and I am one of the support managers here at Rapid7. We are more than happy to help with this. Have you tried opening a support request for this issue? If not, you can email email@example.com and one of our support engineers will be able to look into this for you and assist in any way that we can.
@kmanson, you are correct, the new integration does indeed support Splunk 6.5. You will need to go download the new integration and use that. The new integration is only a few weeks old.
You answered my question. We are running Splunk v6.5.1 enterprise edition on Red Hat Linux v7.3. Hopefully your app will be updated soon to support the latest version of Splunk.