- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- I'm indexing thousands of events from Sonicwall in...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a new Sonicwall indexing to Splunk 6.3. I have hundreds of thousands of events coming in from the Sonicwall every hour, however, the summary dashboards are all returning no data. My Sonicwall is sending very few events with a TID or template ID, and they're almost all ID 555. It appears most of the dashboards want to filter on TID, and there simply aren't any. I'm using the default syslog format on the Sonicwall, "Local Use 0" facility. I've tried with and without the "Override Syslog Settings with Reporting Software Settings". I'd like to keep that on as we have Sonicwall Analyzer set up as well. Is there another setting I'm missing in the firewall to get this to work?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It turned out this was related to a customization that was made in the SonicWALL appliance itself. Reset it to factory defaults for logging and it worked fine
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had a similar issue. I have syslog coming into splunk via UDP 514.
I was not getting any data into the Sonicwall Analytics App.
I found that the external collector was not configured.
Once I made sure Splunk was listening on port 2055, I then proceeded to setup the External Collector to use Splunk. All the data was visible via the Sonicwall Analytics app Dashboard(s) after the External Collector was setup.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It turned out this was related to a customization that was made in the SonicWALL appliance itself. Reset it to factory defaults for logging and it worked fine
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Was this done by importing the default logging levels? Or is there another setting to reset that I'm missing here?
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
