Re: configuration for Sophos App

aoweneoecoop · ‎12-27-2019

we have recently taken out Sophos Central and we would like to have a dashboard for Spunk to show any issues. I have installed the Sophos App as well as the Sophos Add-in and set the input to the API key etc and all the other details. is there anything else i need to do so it will show any details in the dashboard?
thanks everyone.

aoweneoecoop · ‎12-31-2019

I have tried to configure the index for Sophos add in and the app but cannot get any info into the dashboard, even when we have added the API info. am i missing something?

ivanreis · ‎01-05-2020

Did you deployed the CIM app https://splunkbase.splunk.com/app/1621/? it is to normalise the data as described on the addon documents ->https://docs.splunk.com/Documentation/AddOns/latest/Sophos/Description
I also recommend for you to use the splunk btool to troubleshoot the inputs to make sure it is properly setup.
splunk cmd btool input list --debug

check this document for further btool information -> https://answers.splunk.com/answers/578359/how-do-you-btool-inputsconf.html

configuration for Sophos App

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation