We have recently taken out Sophos Central and we would like to have a dashboard for Splunk to show any issues. I have installed the Sophos App as well as the Sophos Add-in and set the input to the API key etc. and all the other details. Is there anything else I need to do so it will show any details in the dashboard?
Thanks everyone.
I have tried to configure the index for the Sophos add-in and the app but cannot get any info into the dashboard, even when we have added the API info. Am I missing something?
Did you deploy the CIM app https://splunkbase.splunk.com/app/1621/? It is to normalise the data as described in the add-on documents -> https://docs.splunk.com/Documentation/AddOns/latest/Sophos/Description
I also recommend that you use the Splunk btool to troubleshoot the inputs to make sure it is properly set up.
splunk cmd btool inputs list --debug
Check this document for further btool information -> https://answers.splunk.com/answers/578359/how-do-you-btool-inputsconf.html