All Apps and Add-ons

configuration for Sophos App

Explorer

we have recently taken out Sophos Central and we would like to have a dashboard for Spunk to show any issues. I have installed the Sophos App as well as the Sophos Add-in and set the input to the API key etc and all the other details. is there anything else i need to do so it will show any details in the dashboard?
thanks everyone.

0 Karma

Explorer

I have tried to configure the index for Sophos add in and the app but cannot get any info into the dashboard, even when we have added the API info. am i missing something?

0 Karma

Builder

Did you deployed the CIM app https://splunkbase.splunk.com/app/1621/? it is to normalise the data as described on the addon documents ->https://docs.splunk.com/Documentation/AddOns/latest/Sophos/Description
I also recommend for you to use the splunk btool to troubleshoot the inputs to make sure it is properly setup.
splunk cmd btool input list --debug

check this document for further btool information -> https://answers.splunk.com/answers/578359/how-do-you-btool-inputsconf.html

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!