All Apps and Add-ons

Splunk Add-on for OSSEC: Why are there missing files from add-on and where to find them?

New Member

The Splunk_TA_ossec files are missing from the Splunk Add-on for OSSEC:


Splunk documentation claims that they should be there for OSSEC dashboards:

Anyone know where to find them?


0 Karma

New Member

Hi Hunter,

Thanks for your quick answer, and correct clarification.

My confusion was a result of there being TWO ossec config files:

1) ossec-hids-2.8.3.tar.gz -> installs ossec itself
2) splunk_add-on-for-ossec_401 -> installs Splunk_TA_ossec, for ossec/Splunk integration.

I had just missed the second one.


0 Karma

Splunk Employee
Splunk Employee

Hi David,

After you install the add-on, the lookup files can be found in the installation directory here;


Hope it helps. Thanks!

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>