I've been playing around with the Splunk Asset Discovery app. I think it will be of use to our organisation, but having some issues.
My environment looks like this, 3 separate systems:
2x Splunk indexers
1x Search head.
Each system has the asset discovery app install. Indexers are the ones actually running the nmap scripts.
On our search head I am getting these warnings. Warnings come up no matter what you are doing (even regular searches). It is very annoying:
[indexer1] Unable to find a saved search asset_discovery
[indexer2] Unable to find a saved search asset_discovery
The app is working correctly on the search head. Data/graphs/etc all functioning. It is just this warning message
Anyone have any ideas? or know of a way to just disable the warning?
... View more