Hi,
I've done a clean Splunk Enterprise 7.1 install on CentOS 7 and Splunk itself is working correctly.
Following the instructions for installing Cybereason for Splunk to my existing Cybereason instance using credentials that I'm working on, there is no data being pulled in, and I can find no errors anywhere. Health dashboard just has no data. I have installed the Input Add-on as well, as per instructions.
Any ideas if there is anything wrong? I can see the server contacting the Cybereason instance every 300 seconds as configured, but can't tell what it's pulling in (nothing if I believe what's in the index).
Is there a special CR user I need to be connecting with (API user?) or should any user be fine?
Any help would be great.
Thanks
Chris