Solved: Re: Qualysguard splunk - No data

crossap · ‎03-23-2015

Hi,

I am in the process of setting up the Qualys app for splunk but unfortunately cannot receive any data.

I have logged the issue with Qualys for investigation but wondered if anyone else had come across the issue?

I am using the latest app and Splunk has been upgraded to the latest version (Running on Win2k12)

The setup of the application itself has been done correctly eg: API Server, User being used can authenticate and has the API enabled on the account, Scripts set to run every 60 secs for testing.

I have managed to find this one entry in the splunk logs

ERROR ExecProcessor - Couldn't start command ""C:\Program Files\Splunk\etc\apps\qualys_splunk_app\bin\qualys_detection_logger.sh"": The operation completed successfully.

lukeh · ‎03-23-2015

According to the documentation, the app only supports a "Computer with MacOS or Linux"

https://apps.splunk.com/app/2654/#/documentation

The error you posted shows a script ending with .sh which is for a Unix system, aka MacOS or Linux.

All the best,

Luke.

View solution in original post

paul_DLB · ‎08-03-2016

Is there already a version for Windows2k12 ? I think a lot of splunk users are running on windows.

lukeh · ‎03-23-2015

According to the documentation, the app only supports a "Computer with MacOS or Linux"

https://apps.splunk.com/app/2654/#/documentation

The error you posted shows a script ending with .sh which is for a Unix system, aka MacOS or Linux.

All the best,

Luke.

crossap · ‎03-23-2015

Hi Luke,

thanks for your response.

I am off to build a Linux server 🙂

lukeh · ‎03-23-2015

That is what I like to hear 🙂

L.

Qualysguard splunk - No data

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout