To the best of my knowledge after following Splunk guides and the Tripwire App PDF, I am unable to get data to the Tripwire IP360 App for Splunk Enterprise (that I downloaded current from Tripwire). When I visit the app, it only says 'No results found'. Below is a list of everything I have done so far.
I've done everything that the setup PDF that came with the IP360 Splunk App said to do as well as followed the guides on Splunkbase for the Splunk DB Connect configuration, but the IP360 App in Splunk shows no data. If I go to SQL Explorer in DB Connect and select the Connection and Catalog that was set up in Tripwire, I'm able to view schemas and tables within the SQL DB.
What am I missing?
Issue is now resolved. Everything was correct with our setup and configuration. The problem was that the Tripwire IP360 App was supposed to create two inputs in the Splunk DB Connect app in Splunk DB Connect > Data Lab > Inputs but did not. A Tripwire support rep told us that this was supposed to happen automatically after the full server restart. Once we applied updates to our server for routine maintenance, the inputs were created, and the dashboard began populating now that Splunk knew what to do with the Tripwire logs.