Issue is now resolved. Everything was correct with our setup and configuration. The problem was that the Tripwire IP360 App was supposed to create two inputs in the Splunk DB Connect app in Splunk DB Connect > Data Lab > Inputs but did not. A Tripwire support rep told us that this was supposed to happen automatically after the full server restart. Once we applied updates to our server for routine maintenance, the inputs were created, and the dashboard began populating now Splunk knew what to do with the Tripwire logs.
... View more