Solved: Symantec Endpoint Reporting App blank

frankhulcoop · ‎07-05-2013

Hi,

I've added the Symantec Endpoint Reporting App, but nothing is showing up in the dash.

I've setup logs to be transferred via UDP:515. If I search for data using sourcetype=sep11:log or source=udp:515 I can see all of the data so it's obviously going to splunk. Reading other questions, do I need to change the index? currently the index for the entries is showing as main. If I need to can someone guide me through it.

Im new to splunk so please be gentle.

bosburn_splunk · ‎07-08-2013

I actually suggest you install this app instead - http://splunk-base.splunk.com/apps/74435/splunk-for-symantec - Mine is outdated and hasn't been updated in a long time.

Brian

View solution in original post

o_calmels · ‎12-18-2014

Hi, i have exactly the same problem, did you you solve it ?
I found that the sub-sourcetype defined in props.conf and transform.conf are not applied.
Any clue ?

bosburn_splunk · ‎07-08-2013

I actually suggest you install this app instead - http://splunk-base.splunk.com/apps/74435/splunk-for-symantec - Mine is outdated and hasn't been updated in a long time.

Brian

Symantec Endpoint Reporting App blank

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!