All Apps and Add-ons

SEP Dashboards?

jastle123456
New Member

Hello,

I have Splunk 6.3.1 running on a single Linux instance. I have installed the Splunk Add-on for Symantec Endpoint Protection V2.1.0 , setup my SEP 12 server to dump logs, forward logs from sep server to Splunk server to a new "symantec" index. I am seeing all of my logs and parsing is looking great.

Is there something special I need to do to activate the Dashboards? I dont see them anywhere.

Thanks

0 Karma

rpille_splunk
Splunk Employee
Splunk Employee

Hi jastle123456. This add-on has pre-built panels, but you have to put them into a dashboard yourself. Here are the steps to do that: http://docs.splunk.com/Documentation/AddOns/latest/Overview/Prebuiltpanels

Hope that helps!

sphadnis
Path Finder

Thanks. I just installed the TA on my Search head, and I dont see any prebuilt panels. I am using this link http://docs.splunk.com/Documentation/AddOns/latest/Overview/Prebuiltpanels and when I try to set the app context to "Splunk Add-on for Symantec Endpoint Protection" I dont even see it in the list. Also, when I try to add any panels on a new dashboard, I do not see anything with SEP or Symantec. What am I doing wrong? (I installed the TA using the tgz on the "install app from the file" option. Please let me know - thanks!

0 Karma

sphadnis
Path Finder

I have Splunk 6.1 - will the prebuilt panels work on this version too? Please let me know - Thanks!

0 Karma

mreynov_splunk
Splunk Employee
Splunk Employee

Should not be a problem.

0 Karma

rpille_splunk
Splunk Employee
Splunk Employee

Prebuilt panels were introduced in Splunk platform version 6.2, so you would need to upgrade before attempting to use this feature.

0 Karma

jastle123456
New Member

Perfect! Thanks.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!