- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Splunk application for BloxOne Threat Defense - help!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2019 12:04 AM
Hi! I am trying to get the Splunk app, https://splunkbase.splunk.com/app/3850, working in a lab. I have installed Splunk (Free version) 7.2 (also tested 7.3) on a Windows 10 machine. But my dashboard is not populated.
I have tried with curl to the API, and it works fine:
curl -k -i -H "Authorization: Token <token> " "https://csp.infoblox.com/api/dnsdata/v1/dns_event?source=category&t0=1562609321&t1=1562617900&_format=cef" -s
I have followed the instructions for the app, even reinstalled Splunk in different version, as well as multiple restarts of the Splunk app. I have never worked with Splunk before, so I am a bit lost.
This is what the Infoblox Input config looks like
What do I do wrong? Any tips? The reason I want to try the dashboard is due to Bloxone dosen't have any reporting functions -- which I need, since we don't have a SIEM.
Re: Splunk application for BloxOne Threat Defense - help!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2019 04:43 AM
Re: Splunk application for BloxOne Threat Defense - help!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2019 04:51 AM
Hi! No, I can't find any error messages at all.