- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Tripwire IP360 on Splunk Enterprise: Not pulling d...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To the best of my knowledge after following Splunk guides and the Tripwire App PDF, I am unable to get data to the Tripwire IP360 App for Splunk Enterprise (that I downloaded current from Tripwire). When I visit the app, it only says 'No results found'. Below is a list of everything I have done so far
- Enabled remote access to my Splunk search head on the VNE
- Installed OpenJDK 1.8.0.232 on Splunk
- Installed Splunk DB Connect 3.2.0
- Created an identity to match the username and password defined on the VNE remote access properties
- Created a connection using PostgreSQL using the properties define on the remote access page of the VNE
- There are no errors with the Identity or Connection setup
- Installed the Tripwire IP360 Splunk Add-on
- Left the default configuration (DBX v3)
- Installed the Tripwire IP360 Splunk App
- Made firewall rules to allow communication between the VNE and Splunk for port 5432 for PostgreSQL
I've done everything that the setup PDF that came with the IP360 Splunk App said to do as well as followed the guides on Splunkbase for the Splunk DB Connect configuration, but the IP360 App in Splunk shows no data. If I go to SQL Explorer in DB Connect and select the Connection and Catalog that was set up in Tripwire, I'm able to view schemas and tables within the SQL DB.
What am I missing?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue is now resolved. Everything was correct with our setup and configuration. The problem was that the Tripwire IP360 App was supposed to create two inputs in the Splunk DB Connect app in Splunk DB Connect > Data Lab > Inputs but did not. A Tripwire support rep told us that this was supposed to happen automatically after the full server restart. Once we applied updates to our server for routine maintenance, the inputs were created, and the dashboard began populating now Splunk knew what to do with the Tripwire logs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue is now resolved. Everything was correct with our setup and configuration. The problem was that the Tripwire IP360 App was supposed to create two inputs in the Splunk DB Connect app in Splunk DB Connect > Data Lab > Inputs but did not. A Tripwire support rep told us that this was supposed to happen automatically after the full server restart. Once we applied updates to our server for routine maintenance, the inputs were created, and the dashboard began populating now Splunk knew what to do with the Tripwire logs.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
