Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk for Symantec-Dashboard is Blank

raidercom
Communicator
‎05-08-2013 11:58 AM

Hi:
I've got Splunk for Symantec App installed, and the input.conf files pushed to the SEPM server with the Splunk Universal Forwarder forwarding the SEPM logs to Splunk with the default input.conf. I also setup SEPM (12) to 'Export Logs to a Dump File', with all of the options set on 'Log Filter'.

I can see that Splunk has data from some of the data sources (sep12:agent and sep12:system), but when I go to the Splunk for Symantec App, the dashboard is blank, as are any of the reports that are built in. Have I done something wrong that is causing Splunk to not index the log files properly?

SEPM 12.1.1101.401
Server 2003 (x86) Standard SP2

Thanks for any assistance you could provide.

Tags (1)
0 Karma
Reply

danielchung
New Member
‎05-31-2013 12:57 AM

I'm having the same issue and have posted here , looks like it has to change the index to make it works but don't know how to do it.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...