
Why is my sophos dashboard not showing data?

madhuys
Loves-to-Learn

I have Sophos and SonicWall firewalls in my network and installed Splunk for log gathering. Then I configured Sophos in Splunk, collecting all logs from Sophos. But it shows no data in the Sophos dashboard.


Please guide me to get all Sophos alerts in the dashboard.

0 Karma

richgalloway
SplunkTrust

Installing an app and collecting logs is not unlike digging a tunnel from both ends. If you're not careful, the ends won't meet.

No doubt the Sophos dashboard is looking for specific data in a specific place. Did you put your logs in the right place (index)? Do your logs have the data the dashboard is looking for?

Check the timestamps on the logs because if they're incorrect then Splunk won't find the data. For instance, if the time zone is off then events may be indexed "in the future".

You may need to read the dashboard code to see exactly what is being sought.

---
If this reply helps you, Karma would be appreciated.
0 Karma

madhuys
Loves-to-Learn

Thanks for the reply. I have followed the mentioned URL. It is fetching logs from the Sophos firewall. I'm missing something here. Please guide.

https://community.sophos.com/sophos-integrations/w/integrations/106/splunk-add-on-for-sophos-next-ge...


0 Karma

richgalloway
SplunkTrust

As I stated previously, ingesting data is only part of the puzzle. Have you examined the app to see what data it expects and where it expects to find it? Do you have the data the app is expecting?

---
If this reply helps you, Karma would be appreciated.
0 Karma

madhuys
Loves-to-Learn

Thanks for the support. I tried to find the problem but failed. How do I diagnose line by line to identify the problem?

0 Karma

richgalloway
SplunkTrust

HOW did you try to solve the problem?

This probably is not a line-by-line debugging scenario. This is a case of examining the search(es) used by the dashboard and confirming you have the data sought by the search.

Use the Edit button to open the dashboard, then click the magnifying glass icon to see the search query. Copy that query into a separate search tab/window. Set the time range to match that used by the dashboard. Remove everything from the first pipe (|) to the end of the query and run the search. Verify you get results. If you don't, then something in the new query doesn't match your data and will have to be modified.

If you do get results, then add the pipe and command from the original query and run the search again. Verify you get results. Repeat this process until you get no results. That command will be the one causing the problem. Modify that command so it works with the data you have. Copy the resulting query back to the dashboard.

---
If this reply helps you, Karma would be appreciated.
0 Karma
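The pipe-by-pipe procedure from the answer above, written out as an added script (not code from the thread or from Splunk): split a dashboard query on its top-level pipes, then grow it one stage at a time until the result count drops to zero, which names the offending command. The Splunk run is replaced by a small in-memory simulator over constructed sample events; the index, sourcetype and field names are assumptions chosen to mirror the wrong-index case the answer describes.

```python
import fnmatch
import re

def split_spl_pipes(query):
    """Split SPL on top-level '|' only: pipes inside quotes or [subsearches] are kept."""
    parts, buf, depth, quote, escaped = [], [], 0, None, False
    for ch in query:
        if escaped:
            escaped = False
        elif quote:  # inside a quoted string: track backslash escapes and the closing quote
            escaped, quote = (ch == "\\"), (None if ch == quote else quote)
        elif ch in "\"'":
            quote = ch
        elif ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == "|" and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def find_failing_command(query, run_search):
    """Grow the query one pipe stage at a time; return the first stage that drops results to zero."""
    stages = split_spl_pipes(query)
    for n in range(1, len(stages) + 1):
        if run_search(" | ".join(stages[:n])) == 0:
            return stages[n - 1]
    return None

# Constructed sample events: the add-on wrote Sophos logs to index "main", not "sophos".
EVENTS = [
    {"index": "main", "sourcetype": "sophos:xg:firewall", "log_type": "Firewall"},
    {"index": "main", "sourcetype": "sophos:xg:firewall", "log_type": "Firewall"},
    {"index": "main", "sourcetype": "sonicwall", "log_type": "Event"},
]

def simulated_search(spl):
    """Stand-in for Splunk: field=value filters (wildcards allowed) from the base search and
    from 'search' stages are applied; stats/timechart/etc. are assumed to keep the row count."""
    rows = EVENTS
    for i, stage in enumerate(split_spl_pipes(spl)):
        if i == 0 or stage.startswith("search "):
            for key, val in re.findall(r'(\w+)="?([^"\s]+)"?', stage.removeprefix("search ")):
                rows = [r for r in rows if fnmatch.fnmatchcase(r.get(key, ""), val)]
    return len(rows)
```

With a real deployment, replace `simulated_search` with a function that runs the prefix through the Splunk REST API or CLI and returns the event count.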