Splunk Enterprise Security

Why is the data not writing to my index after having installed and configured the Splunk add-on for Tenable?

mcorrigan
New Member

I have installed the Splunk add-on for Tenable on my Enterprise Security server and no data is being written to the index.

There are no errors in the splunk_ta_nessus_tenable_sc.log file.

The account that is being used to communicate to the security center is successfully logging into the security center server and the account can view data in security center.
I am running 6.6.0 of Splunk and 5.1.3 of the add-on.

Any suggestions?

Thanks.


cstump_splunk
Splunk Employee

When troubleshooting any data ingestion issue, track down where the data is being transmitted and received. For instance, in this scenario, we know that the Tenable add-on needs to be installed on the Search Head and a Heavy Forwarder, and can be installed on the indexer (http://docs.splunk.com/Documentation/AddOns/released/Nessus/InstalltoSearchHead#Where_to_install_thi...).

We should first check to see if the tenable data is leaving the Heavy Forwarder:
index=_internal host=<Heavy_Forwarder> source=*metrics* group=per_sourcetype_thruput series=<Tenable_sourcetype> | timechart sum(kb) by series span=15min

The visualization here will show you when and if your Tenable data is being sent from the forwarder. If there are no results from this search, this is an indication that there is something wrong with the input. In that case, check out the heavy forwarder's splunkd.log file.
If there are results from this search, then all is good on the forwarder side. In this case, run a similar search for the indexer:
index=_internal host=<Indexer> source=*metrics* group=per_sourcetype_thruput series=<Tenable_sourcetype> | timechart sum(kb) by series span=15min
If there is no data here, then it could be an indication that the data is getting lost in transmission (possibly by a firewall). If there are results here, then check to see that the Tenable data is going into the index you expect it to and that you are searching for it correctly.

There are other things that could be going wrong in the process but start there.

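The decision tree in the answer above (no throughput on the forwarder means an input problem; throughput on the forwarder but none on the indexer means a transmission problem; throughput on both means the data arrived and the index or search is the thing to check), as an added worked example that is not part of the original thread. It does offline what the two `timechart sum(kb) by series span=15min` searches do in Splunk: it parses `per_sourcetype_thruput` lines in the format splunkd writes to metrics.log, sums `kb` per 15-minute bucket for one sourcetype, and compares the forwarder's buckets with the indexer's. The log lines are constructed for this example, the hostnames hf01 and idx01 are hypothetical, and the sourcetype name `tenable:sc:vuln` is an assumption, since the thread never names the sourcetype; substitute whatever `series=` value your add-on version emits.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fields of a per_sourcetype_thruput line as written to splunkd's metrics.log.
# kbps= is skipped on purpose: the searches in the thread sum kb, not kbps.
METRIC_RE = re.compile(
    r'^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) [+-]\d{4} INFO\s+Metrics - '
    r'group=(?P<group>\w+), series="(?P<series>[^"]+)", .*?\bkb=(?P<kb>[\d.]+)'
)

# Constructed sample metrics.log lines (not taken from the original post).
# Forwarder: the assumed Tenable sourcetype shows throughput at 10:00, 10:05 and 10:15.
HF01_METRICS = [
    '03-04-2024 10:00:31.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="tenable:sc:vuln", kbps=1.2, eps=4.0, kb=37.0, ev=120, avg_age=0, max_age=0',
    '03-04-2024 10:00:31.000 +0000 INFO  Metrics - group=per_index_thruput, series="main", kbps=0.5, eps=1.0, kb=15.0, ev=30, avg_age=0, max_age=0',
    '03-04-2024 10:05:31.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="tenable:sc:vuln", kbps=1.4, eps=5.0, kb=41.5, ev=150, avg_age=0, max_age=0',
    '03-04-2024 10:15:31.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="tenable:sc:vuln", kbps=0.4, eps=1.0, kb=12.0, ev=30, avg_age=0, max_age=0',
    '03-04-2024 10:15:31.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="splunkd", kbps=0.2, eps=2.0, kb=6.0, ev=60, avg_age=0, max_age=0',
]
# Indexer: only its own internal sourcetype shows up; nothing for the Tenable series.
IDX01_METRICS_LOST = [
    '03-04-2024 10:00:33.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="splunkd", kbps=0.3, eps=3.0, kb=9.0, ev=90, avg_age=0, max_age=0',
    '03-04-2024 10:15:33.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="splunkd", kbps=0.3, eps=3.0, kb=9.0, ev=90, avg_age=0, max_age=0',
]
# Indexer in the healthy case: the Tenable series is received.
IDX01_METRICS_OK = IDX01_METRICS_LOST + [
    '03-04-2024 10:00:33.000 +0000 INFO  Metrics - group=per_sourcetype_thruput, series="tenable:sc:vuln", kbps=1.2, eps=4.0, kb=37.0, ev=120, avg_age=0, max_age=0',
]

VERDICT_INPUT = "no throughput on the forwarder: check the input and the forwarder's splunkd.log"
VERDICT_TRANSMISSION = "forwarder sends but indexer receives nothing: check the path between them (e.g. a firewall)"
VERDICT_INDEXED = "indexer receives the data: check the target index and your search"


def parse_metrics(lines):
    """Yield (timestamp, group, series, kb) for each line that is a metrics.log metric."""
    for line in lines:
        m = METRIC_RE.match(line)
        if not m:
            continue  # other log lines are ignored
        ts = datetime.strptime(m.group("ts"), "%m-%d-%Y %H:%M:%S.%f")
        yield ts, m.group("group"), m.group("series"), float(m.group("kb"))


def thruput_by_span(lines, series, span_minutes=15):
    """Sum kb per span-minute bucket for one sourcetype: the offline equivalent of
    'group=per_sourcetype_thruput series=<sourcetype> | timechart sum(kb) span=15min'."""
    bins = defaultdict(float)
    for ts, group, s, kb in parse_metrics(lines):
        if group != "per_sourcetype_thruput" or s != series:
            continue
        bucket = ts.replace(second=0, microsecond=0)
        bucket -= timedelta(minutes=bucket.minute % span_minutes)
        bins[bucket] += kb
    return dict(bins)


def diagnose(forwarder_lines, indexer_lines, series):
    """Apply the answer's decision tree to one forwarder and one indexer."""
    if not thruput_by_span(forwarder_lines, series):
        return VERDICT_INPUT
    if not thruput_by_span(indexer_lines, series):
        return VERDICT_TRANSMISSION
    return VERDICT_INDEXED


if __name__ == "__main__":
    series = "tenable:sc:vuln"  # assumed sourcetype name
    for bucket, kb in sorted(thruput_by_span(HF01_METRICS, series).items()):
        print(f"hf01 {bucket:%H:%M} {kb:.1f} kb")
    print("lost:", diagnose(HF01_METRICS, IDX01_METRICS_LOST, series))
    print("ok:  ", diagnose(HF01_METRICS, IDX01_METRICS_OK, series))
```

On a real deployment you would feed this the lines returned by `index=_internal host=<Heavy_Forwarder> source=*metrics*` and the indexer's equivalent; the point of keeping the per-bucket sums is that a forwarder that shows throughput only at the time of its first connection and nothing afterwards is a different failure from one that shows nothing at all.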