When will the Qualys App for Splunk Enterprise be compatible with search head clustering?

todd_miller
Communicator

When will the Qualys App for Splunk Enterprise be compatible with search head clustering? We're currently running the app on a standalone search head and would like it integrated with our SHC. If there are any steps to get this working on a SHC, that'd be fantastic.

0 Karma

vince2010091
Path Finder

Hi,

Knowledgebase dashboard is based on a lookup, lookup located on indexers, not on SHC, so we put an input monitor on the lookup and scheduled a basic search:
index=qualys | table * | outputlookup qualys_kb.csv

Now all is working as expected

Regards,
Vince

0 Karma

jleggett
Explorer

We have opened a dev issue internally at Qualys to evaluate this. Currently no timeframe.

0 Karma

vince2010091
Path Finder

Problem is with knowledgebase lookup

0 Karma

muralianup
Communicator

What issues are you having? I am also facing some incomplete search results/warnings from qualys index deployed on a SH but we have a distributed environment.

0 Karma

vince2010091
Path Finder

Why can this not be installed on a SHC?

0 Karma

todd_miller
Communicator

For all intents and purposes, it can be, provided you don't configure any of the data pulling. You need to configure the app on a standalone server to do the data pull to populate the index and run the app on the SHC only to query the index.

0 Karma

brwilson
Explorer

So does this mean that if you do it this way, the dashboards won't populate? I ask because I'm looking at installing this on an indexer (to avoid filling up a search head with data that the app pulls down), but I also want to install the app on the search heads for viewing the data.

0 Karma

muralianup
Communicator

I have a similar issue. I am getting data from Qualys App from Splunk, created custom app and most of the dashboards are giving "empty csv error" on various indexers at random. Most of the searches/dashboards are giving consistent results. By the way, I have a distributed environment; not SHC.

0 Karma

todd_miller
Communicator

Is there any advice on deploying this in a distributed environment?

0 Karma