I have all my Symantec data collected in an index called Symantec. The data comes in from a universal forwarder running on that Symantec log server. I developed an input.conf and a prop.conf file, and put them there to get the data in.
Then I installed this Splunk Add-on for Symantec Endpoint Protection, hoping to have some useful dashboards do a report for me automatically, but nothing shows up. The installation doc does not mention too many details.