Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk for Symantec-Dashboard is Blank

raidercom
Communicator
‎05-08-2013 11:58 AM

Hi:
I've got Splunk for Symantec App installed, and the input.conf files pushed to the SEPM server with the Splunk Universal Forwarder forwarding the SEPM logs to Splunk with the default input.conf. I also setup SEPM (12) to 'Export Logs to a Dump File', with all of the options set on 'Log Filter'.

I can see that Splunk has data from some of the data sources (sep12:agent and sep12:system), but when I go to the Splunk for Symantec App, the dashboard is blank, as are any of the reports that are built in. Have I done something wrong that is causing Splunk to not index the log files properly?

SEPM 12.1.1101.401
Server 2003 (x86) Standard SP2

Thanks for any assistance you could provide.

Tags (1)
0 Karma
Reply

danielchung
New Member
‎05-31-2013 12:57 AM

I'm having the same issue and have posted here , looks like it has to change the index to make it works but don't know how to do it.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...