All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

When will the Qualys App for Splunk Enterprise be compatible with search head clustering?

todd_miller
Communicator
‎06-10-2015 08:49 AM

When will the Qualys App for Splunk Enterprise be compatible with search head clustering? We're currently running the app on a standalone search head and would like it integrated with our SHC. If there's any steps to get this working on a SHC, that'd be fantastic.

0 Karma
Reply

vince2010091
Path Finder
‎01-13-2016 07:55 AM

Hi,

Knowledgebase dashboard is based on a lookup, lookup located on indexers, not on SHC, so we put a input monitor on the lookuphave and scheduled a basic search :
index=qualys | table * | outputlookup qualys kb.csv

Now all is working as expected

Regards,
Vince

0 Karma
Reply

jleggett
Explorer
‎06-11-2015 01:23 PM

We have opened a dev issue internally at Qualys to evaluate this. Currently no timeframe.

0 Karma
Reply

vince2010091
Path Finder
‎01-09-2016 04:00 AM

Problem is with knowledebase lookup

0 Karma
Reply

muralianup
Communicator
‎01-13-2016 06:33 AM

What issues are you having. I am also facing some incomplete search results/warnings from qualys index deployed on a SH but we have a distributed environment.

0 Karma
Reply

vince2010091
Path Finder
‎01-06-2016 06:33 AM

Why this can not be installed on a SHC ?

0 Karma
Reply

todd_miller
Communicator
‎01-08-2016 01:51 PM

For all intents and purposes, it can be provided you don't configure any of the data pulling. You need to configure the app on a standalone server to do the data pull to populate the index and run the app on the SHC only to query the index.

0 Karma
Reply

brwilson
Explorer
‎01-19-2016 11:58 AM

So does this mean that if you do it this way, the dashboards won't populate? I ask because I'm looking at installing this on an indexer (to avoid filling up a search head with data that the app pulls down), but I also want to install the app on the search heads for viewing the data.

0 Karma
Reply

muralianup
Communicator
‎01-19-2016 02:16 PM

I have a similar issue. I am getting data from Qualys App from Splunk,created custom app and most of the dashboards are giving "empty csv error" on various indexers in random. Most of the searches/dashboards are giving consistent results. By the way, I have a distributed environment; not SHC.

0 Karma
Reply

todd_miller
Communicator
‎06-23-2015 01:27 PM

Is there any advice on deploying this in a distributed environment?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...