Hi,
I also have a similar problem. I can see data within a Splunk search "index=asset_discovery sourcetype=port_scan", but the eventtype port_scan (index=asset_discovery sourcetype=port_scan "Host:" "Ports:" "Ignored State:") doesn't produce anything, as my script isn't generating any "Ignored State:".
I am running the following script:
/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh -A -O -t 172.20.32.0/24 --max-retries 1 --osscan-guess --system-dns
and I have added "unset LD_LIBRARY_PATH" to the nmap.sh script, as well as ensuring that nmap is chmod'ed so the splunk user can use it.
Have I missed something, such as an argument, when calling the script?
Mario
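To see why the eventtype can come back empty even though the raw events are searchable, here is an added example (it is not part of this thread and not code from the asset_discovery app) that checks nmap output lines against the three literals in the eventtype search and parses the Ports field. The three labels "Host:", "Ports:" and "Ignored State:" are the field names of nmap's grepable (-oG) output format; the sample lines below are constructed for illustration, not real scan results, and Splunk's matching of the quoted literals is approximated as a case-insensitive substring test.

```python
from typing import Dict, List, Optional

# The three literal tokens required by the eventtype quoted in the post.
REQUIRED_TOKENS = ("Host:", "Ports:", "Ignored State:")

# Constructed sample lines in nmap grepable (-oG) format (not real scan data).
# Each grepable line is tab-separated: "Host: <ip> (<name>)\tPorts: ...\tIgnored State: ...".
SAMPLE_LINES = [
    # A few open ports, the rest summarised by nmap -> all three tokens present -> matches.
    "Host: 172.20.32.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)",
    # Every scanned port listed individually, so nmap emits no "Ignored State:" -> does not match.
    "Host: 172.20.32.11 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///",
    # Host-status line only (host discovery), no Ports field -> does not match.
    "Host: 172.20.32.12 ()\tStatus: Up",
]


def missing_tokens(line: str) -> List[str]:
    """Return the eventtype literals that do not occur in the line.

    Assumption: Splunk's quoted-literal search is approximated here as a
    case-insensitive substring test on the raw event.
    """
    lower = line.lower()
    return [tok for tok in REQUIRED_TOKENS if tok.lower() not in lower]


def matches_port_scan_eventtype(line: str) -> bool:
    """True when the line would satisfy all three literals of the eventtype."""
    return not missing_tokens(line)


def parse_grepable_line(line: str) -> Optional[Dict]:
    """Parse one nmap -oG line into host, per-port records and the Ignored State text.

    Port entries are "/"-separated: port/state/protocol/owner/service/rpc/version/.
    Returns None for lines that carry no Host field.
    """
    fields: Dict[str, str] = {}
    for part in line.split("\t"):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    if "Host" not in fields:
        return None

    ports = []
    for entry in fields.get("Ports", "").split(", "):
        parts = entry.split("/")
        if len(parts) < 5 or not parts[0].isdigit():
            continue  # skip empty or malformed entries
        ports.append({
            "port": int(parts[0]),
            "state": parts[1],
            "proto": parts[2],
            "service": parts[4],
        })

    return {
        "host": fields["Host"].split()[0],          # IP address before the "(name)"
        "ports": ports,
        "ignored_state": fields.get("Ignored State"),  # None when nmap omitted it
    }


def count_matching(lines: List[str]) -> int:
    """How many of the given lines the eventtype would return."""
    return sum(1 for line in lines if matches_port_scan_eventtype(line))


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_grepable_line(line)
        print(rec["host"], "matches" if matches_port_scan_eventtype(line) else "missing", missing_tokens(line))
    print("eventtype would return", count_matching(SAMPLE_LINES), "of", len(SAMPLE_LINES), "lines")
```

Running this against the lines your script actually writes (for example the file it hands to Splunk) shows, per host, which of the three literals is absent; only lines where nmap summarised the remaining ports carry "Ignored State:".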