I have been trying to configure the Linux Auditd app to get it 100% functioning. Some of the panes are working and some are not. The app is not integrated with Splunk Enterprise Security (ES) and is running on Splunk 6.5.1. Is this platform supported? What would be the solution to fixing the errors below:
Error in 'PivotProcessor': Error in 'DataModelEvaluator': Data model 'Auditd' was not found.
Error in 'lookup' command: The lookup table 'posix_identities' does not exist or is not available.
The lookup table 'auditd_host_inventory' does not exist. It is referenced by configuration 'linux:audit'.