Splunk Add-on for Symantec Endpoint Protection
rahul2gupta
Path Finder
06-21-2020
11:16 PM
Hi
When we ran the query index=symantec, we used to get the following result:
- host = dev1pgs01
- source = D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\dump\scm_system.tmp
- sourcetype = sep12:scm_system
Until 29/08/2018 we were getting these results.
But now when we run the same query index=symantec, it shows "No results found".
Below are our findings/actions:
- The Splunk forwarder was not installed; we installed it.
- We checked the path source = D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\dump\scm_system.tmp, but the dump folder is empty; there is nothing like scm_system.tmp in it.
- The sourcetype is also missing.
Please help me fix this issue.