I have added the cloud to inputs and it is working fine. url=https://cloud.tenable.com. Create the API keys for whichever user will be pulling the data and enter those in inputs.conf.
I have tried the search activity dashboard and the resource usage dashboard. When I looked at the KV Store dashboard, data shows for this instance.
It is a peer of the DMC.
The search head is forwarding; it was showing the results when I first upgraded to 6.3.2.
It is listed as a search head, KV store in the DMC.
Thanks.
Paul
I have three search heads in a search head cluster and they are all listed in my Distributed Management Console as search heads. Only 2 of the 3 instances are showing data when viewing in the DMC dashboards. The introspection log on the search head not displaying has the data and the index=_introspection shows data for that search head. I am running Splunk Enterprise 6.3.2.
Why would that one search head not show data in the dashboards?
Thanks.
Paul
I was looking at my active vulnerabilities, which I count by title, and was missing 5 that the Qualys scanner showed as open. When I searched for the QID in splunk_kb_lookup I had no results. When I looked in the CSV file on the server the QID is showing up. It appears that this started happening for inputs starting in 2016.
Any ideas?
Thanks.
Paul