Hello Splunkers,
I'm having trouble getting apps/searches that rely on firewall data to display anything. The dashboard panels show "no results". I think I have all of the pre-reqs. Sonicwall app (configured per the app's instructions) monitoring IPFIX flows from the firewall. Firewall set to send flow data to Splunk. CIM installed. Network_Traffic dataset accelerated. I have verified that flow data is being indexed in the "sonicwall" index. However, the IPFIX flow statistics dashboard shows "no results", but if I go to the firewall activity dashboard, it does list the firewall. Also, when I use the Splunk Security Essentials app's feature "Data Sources Check" it indicated that Splunk is not getting/finding firewall data.
Any tips or suggestions would be greatly appreciated.