Good morning everyone, first-time poster and very much a novice Splunk user. My colleague is currently having an issue with our cyber team's dashboards not populating with ClamAV's Last Scanned and definition date properties. Currently, we're implementing a temporary solution for having the definition dates populate properly by manually setting the permissions to '644' on main.cvd, daily.cvd, and bytecode.cvd, and I think also for the database, via Ansible ad-hoc command. Is this something I can fix by modifying the inputs.conf file? If so, what properties would I need to add? For the 'Last Scanned' problem, Splunk simply shows up with 'Not Found'. I'm unsure of how to address this one, so any starters would be great. I should add, this Splunk Enterprise instance is in an air-gapped environment. Thank you all in advance.