All Apps and Add-ons

not logging failures, it's only showing successes

GArienti
Explorer

I've installed this app on splunk 7 enterprise for windows and I thought it was a bug, so I now downgraded to 6.5.3
I still don't see connection failures. I checked the firewall logs and I see drops, so the port is blocked. However, my search only shows successes.

I took a peak at the py files and I see I am supposed to get a "999" status, but I only see "200"s.

Thank you,

0 Karma

nplamondon
SplunkTrust
SplunkTrust

I don't have experience with this TA, but it sounds like you're getting incomplete data. i'd first check the source to confirm those drops are being logged where Splunk can see them, then verify your inputs are set to collect that source properly.

That said, I notice the app is only known to work (according to splunkbase) up to Splunk 6.6, so I'd be concerned about its ability to function on 7+. If this app is something you have a need for, I'd recommend contacting the author to see if they have plans to update it.

0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...