All Apps and Add-ons

Splunk app for infrastructure is not showing entities and im receving events, i did all te troubleshooting task!! Help!!

carlosmacario
New Member

I have Installed Splunk App For Infrastructure and Splunk add-on for infrastructure.
I have configured the HEC 8088 and the Receiving Port 9997.
I have installed a Linux Client with the script.
I made troubleshooting.
In Splunk Enterprise im looking metrics arriving from that customers

I Dont See New Entities Connected!!

😞

Tags (2)
0 Karma

woodcock
Esteemed Legend

You need to specify ALL of the details and the configuration files and the contents of them. This is a complex pipeline and you've hardly told us anything.

0 Karma

gcusello
Esteemed Legend

Hi carlosmacario,
check if in the eventtypes there are indexes: usually in these apps there isn't the flter for indexes.
you can check this opening in search one panel and adding the filter index=your_index

To solve this problem, you could choose between two solutions:

  • put the indexes in the default search path [ Settings -- Access Controls -- Roles -- -- Indexes];
  • create an eventtype with index=your_index and put this eventtype in each eventtype or macro of your App.

I prefer the second though it requests more work, because it's more clear and more performant.

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...