All Apps and Add-ons

Cisco Security Suite not working - showing blank dashboards

pgadhari
Builder

I have installed Cisco Security Suite on my Splunk server, but when I access it from GUI all the dashboards are blank, also it is not asking me for any configurations. What I want is to put the cisco firewall logs into this suite. Currently, my firewall is sending logs to this Splunk server on port 9997 using UDP. I created a index called "cisco_logs" and all my logs are coming to that index. I can see the logs in search by specifying "index=cisco_logs", but how can I take that logs into the dashboard of Cisco Security Suite. I looked for configuration help, but not getting proper information about the configuration of CSS. Please help me.

Do I need to install any add-ons for Security suite to work or show data in my dashboards ?

This is bit urgent.

Thanks
Pankaj

0 Karma

lauMarot
Path Finder

Have you added your "index=cisco_logs" index to the search by default indexes of the user's role running the App ?

0 Karma

pgadhari
Builder

Thanks Mitesh for your reply on this. Actually, I saw that link but somehow I was not able to see the "Documentation" link in my App. But now it is showing me that link. Let me go through it.

0 Karma

miteshvohra
Contributor

Have had a chance to read through the App Documentation on http://apps.splunk.com/app/525/#app-resources?

0 Karma

halr9000
Motivator

The docs are not as easy to find as they could be, and we are fixing that. After installing the app, go to the menu on the top left and click on documentation. There, you will see two guides that you should go through. After doing so, ask a new question with more detail specific to which step is giving you trouble.

screenshot

0 Karma

joshnv
New Member

Hi there. I've followed the documentation instructions exactly on a brand new Splunk enterprise install on windows. I have the same result - blank dashboards "no results found".

My various ASA firewalls syslog directly via UDP to the splunk VM. I'm not sure what else I can do as I've followed the exact steps in "getting started".

Thanks
Josh

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...