I have Splunk 6.3.1 running on a single Linux instance. I have installed the Splunk Add-on for Symantec Endpoint Protection V2.1.0, set up my SEP 12 server to dump logs, and forwarded logs from the SEP server to the Splunk server to a new "symantec" index. I am seeing all of my logs and parsing is looking great.
Is there something special I need to do to activate the Dashboards? I don't see them anywhere.
Hi jastle123456. This add-on has pre-built panels, but you have to put them into a dashboard yourself. Here are the steps to do that: http://docs.splunk.com/Documentation/AddOns/latest/Overview/Prebuiltpanels
Hope that helps!
Thanks. I just installed the TA on my Search head, and I don't see any prebuilt panels. I am using this link http://docs.splunk.com/Documentation/AddOns/latest/Overview/Prebuiltpanels and when I try to set the app context to "Splunk Add-on for Symantec Endpoint Protection" I don't even see it in the list. Also, when I try to add any panels on a new dashboard, I do not see anything with SEP or Symantec. What am I doing wrong? (I installed the TA using the tgz on the "install app from the file" option.) Please let me know - thanks!