Linux Auditd: How to get this app working with Splunk Enterprise Security?
naqviah
Explorer
02-02-2017
06:30 AM
I have been trying to configure the Linux Auditd app to get it 100% functioning. Some of the panes are working and some are not. The app is not integrated with Splunk Enterprise Security (ES) and is running on Splunk 6.5.1. Is this platform supported? What would be the solution to fixing the errors below:
- Error in 'PivotProcessor': Error in 'DataModelEvaluator': Data model 'Auditd' was not found.
- Error in 'lookup' command: The lookup table 'posix_identities' does not exist or is not available.
- The lookup table 'auditd_host_inventory' does not exist. It is referenced by configuration 'linux:audit'.
Please guide.
doksu
Contributor
02-02-2017
05:30 PM
Have you completed the installation instructions for search environments with ES? https://github.com/doksu/splunk_auditd/wiki/Installation-and-Configuration#enterprise-security
naqviah
Explorer
02-02-2017
05:41 PM
Yeah, I have followed those instructions. I am testing this without ES.
