Hello all,
I am new to Splunk. I am trying to setup some apps, Cisco Security Suite being one. I am having the same "blank dashboard" issue as others have posted. All panels are showing "No results found." I am having exactly the same problem with another security related Splunk app and it is very frustrating.
I am running Splunk 6.0 on Windows Server 2012. There is only one Splunk server in the landscape. I have multiple ASA firewalls sending syslog to Splunk via UDP 514. I have a custom index receiving syslog data from all network devices, and it is searchable in the Splunk UI. I have confirmed I can see results from ASA. I have installed the TA for ASAs. I have also followed the instructions regarding the TA & SA file & folder configuration, but still nothing.
I am not sure what else to do at this point. Any assistance would be greatly appreciated.
Thank you,
Drew
RSENNETT_SPLUNK. Here are the first 15 lines of the props.conf file per your request. I will post an event shortly.
################ Global ####################
#default port is 514
#[source::tcp:514]
#TRANSFORMS-force_sourcetype_for_cisco = force_sourcetype_for_cisco_asa,force_sourcetype_for_cisco_pix,force_sourcetype_for_cisco_fwsm
[source::udp:514]
TRANSFORMS-force_sourcetype_for_cisco = force_sourcetype_for_cisco_asa,force_sourcetype_for_cisco_pix,force_sourcetype_for_cisco_fwsm
################ ASA ####################
[source::....asa]
sourcetype = cisco:asa
[cisco:asa]
SHOULD_LINEMERGE = false
... View more