All Apps and Add-ons

Tenable add-on for Splunk: How to allow full ingestion

Path Finder

I am noticing that Splunk ingestion is spotty.
For example, out of a hundred machines that have pluginID 38153 results a few days ago (verified in the SecCenter GUI),
only three of these machines/results are found in Splunk.

Are there a limits.conf or another setting that needs to be changed to allow full ingest?

0 Karma

Path Finder

I have emailed Tenable to upgrade my current Tenable login to be a valid Support Portal account. In the interim, does anyone else have experience with this limit in ingestion? The Tenable add-on does not have a limits.conf, so wondering where else these limits would be found, maybe under system/default?

0 Karma

Communicator

Everything should work out of the box. If you are seeing inconsistencies please create a support case with Tenable and we can help resolve.

0 Karma