I'm indexing thousands of events from Sonicwall in Splunk 6.3, but why are summary dashboards not showing any data?

grantsmiley
Path Finder

I have a new Sonicwall indexing to Splunk 6.3. I have hundreds of thousands of events coming in from the Sonicwall every hour; however, the summary dashboards are all returning no data. My Sonicwall is sending very few events with a TID or template ID, and they're almost all ID 555. It appears most of the dashboards want to filter on TID, and there simply aren't any. I'm using the default syslog format on the Sonicwall, "Local Use 0" facility. I've tried with and without the "Override Syslog Settings with Reporting Software Settings". I'd like to keep that on as we have Sonicwall Analyzer set up as well. Is there another setting I'm missing in the firewall to get this to work?

chumneysplunk
New Member

I had a similar issue. I have syslog coming into Splunk via UDP 514.

I was not getting any data into the Sonicwall Analytics App.

I found that the external collector was not configured.

Once I made sure Splunk was listening on port 2055, I then proceeded to set up the External Collector to use Splunk. All the data was visible via the Sonicwall Analytics app Dashboard(s) after the External Collector was set up.


grantsmiley
Path Finder

It turned out this was related to a customization that was made in the SonicWALL appliance itself. Reset it to factory defaults for logging and it worked fine.

ConnorG
Path Finder

Was this done by importing the default logging levels? Or is there another setting to reset that I'm missing here?
