I am noticing that Splunk ingestion is spotty.
For example, out of a hundred machines that have pluginID 38153 results a few days ago (verified in the SecCenter GUI),
only three of these machines/results are found in Splunk.
Is there a limits.conf or another setting that needs to be changed to allow full ingest?
I have emailed Tenable to upgrade my current Tenable login to be a valid Support Portal account. In the interim, does anyone else have experience with this limit in ingestion? The Tenable add-on does not have a limits.conf, so wondering where else these limits would be found, maybe under system/default?
Everything should work out of the box. If you are seeing inconsistencies, please create a support case with Tenable and we can help resolve.