Why am I unable to select the custom index created...

AL3Z · ‎01-23-2023

Hi,

We are using the intsights app for splunk cloud as the intsights app installed on splunk idm,we notice that when we try to create a inputs to get the alerts,we are not able to select the custom index created in the indexer.

Why the all indexes which are present in splunk cloud not populating in the intsights app splunk idm ??

gcusello · ‎01-23-2023

Hi @AL3Z,

indexes created on on-premise Indexers aren't visible on on premise Search Heads, but on Splunk Cloud you should be able to see all Indexes.

Check the grants of the user you're using.

Ciao.

Giuseppe

AL3Z · ‎01-23-2023

@gcusello

We have created the index in splunk cloud only it's not populating in the intsights app

gcusello · ‎01-23-2023

Hi @AL3Z,

I suppose that this app is installed in Splunk Cloud, or not?

if on-premise, it's a different thing: it's normal that you don't see it, it's the same thing if you have an Indexer an a Search Head.

In this case you have two solutions: configure the index in the input.conf file, create an empry index with the same name on the on-premise Search Head.

Ciao.

Giuseppe

Why am I unable to select the custom index created in the indexer?

troubleshooting

Platform Newsletter Highlights | March 2023

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor