To the best of my knowledge after following Splunk guides and the Tripwire App PDF, I am unable to get data to the Tripwire IP360 App for Splunk Enterprise (that I downloaded current from Tripwire). When I visit the app, it only says 'No results found'. Below is a list of everything I have done so far
Enabled remote access to my Splunk search head on the VNE
Installed OpenJDK 1.8.0.232 on Splunk
Installed Splunk DB Connect 3.2.0
Created an identity to match the username and password defined on the VNE remote access properties
Created a connection using PostgreSQL using the properties define on the remote access page of the VNE
There are no errors with the Identity or Connection setup
Installed the Tripwire IP360 Splunk Add-on
Left the default configuration (DBX v3)
Installed the Tripwire IP360 Splunk App
Made firewall rules to allow communication between the VNE and Splunk for port 5432 for PostgreSQL
I've done everything that the setup PDF that came with the IP360 Splunk App said to do as well as followed the guides on Splunkbase for the Splunk DB Connect configuration, but the IP360 App in Splunk shows no data. If I go to SQL Explorer in DB Connect and select the Connection and Catalog that was set up in Tripwire, I'm able to view schemas and tables within the SQL DB.
What am I missing?
... View more