Please refer the below details and provide me support for effective resolution :
Facing issues while implementing forescout extended module for splunk ,
we have ES and DS in our environment , since we have three apps for forescout for splunk(adaptive response, technology add-on for splunk , forecout app for splunk),
Can we install all 3 in ES and make it work ?
Should we install all 3 in DS and make it work?
as per functionality of counteract ,it send messages / events for actions to and from splunk , do we really need to forward the logs also in order to make this app work?
or both ES and DS should be configured ?
steps tried so far :
Installed all 3 apps in ES and DS separately both didnt work and throwing the below error :
Checking for reachability...
Splunk server at '10.10.10.224' is reachable via ping.
**Checking Splunk server roles...
Obtained following server roles-
- license_master
- deployment_server
- search_head
- kv_store
Checking data inputs configuration...
Enabled : true
Obtained following associated indexes-
- fsctcenter
- main
Successfully verified Splunk target configuration.
Sending test event...
Failed to send test event to this target at '10.10.10.224'. (500 Can't connect to 10.10.10.224:8000)**
kindly let me know if more info neeed from my end,
support me with your expertise,
thanks;;;;
... View more