All Apps and Add-ons

In the Splunk App for PCI Compliance, why are my PCI Dashboards without data?


Hi all,

I have installed the PCI module, and I have followed the implementation steps (, but I do not get any data in the PCI dashboards — any clue?

I have the following scenario:

1 splunk server with PCI app installed, with IP

1 Domain controller (win 2012) with IP (the domain is

1 Windows server with a splunk forwarder IP; I have deployed

I have ADD data from a Splunk forwarder, and I have selected sources Local Events Source (Applications, Forwarder events, security, setup and system), one by one with PCI index.

In Splunk, I have uploaded the assets via CSV file, and I can see in the App PCI - Assets Center :


In Splunk, I have uploaded the identities via a CSV file, and I can see in the App PCI - Identity Center :



When I go to the PCI Compliance Posture, I can see all the indicators in green without data.

In Notable Events By Owner — Last 24 Hours, over owner I got "unassigned," but I have configured the assets and identities.

Any clues?

0 Karma


AFAIK, these dashboards are filled solely with data from "notable events". To create these events you have to enable the corresponding correlation searches in the App's configuration.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!