Are you interested in our Early Access Program (EAP)? This program allows you to preview code, test in your lab and provide feedback prior to General Availability (GA) release of all Infoblox products. If so, please click the link here.

Reporting

Reply

Splunk application for BloxOne Threat Defense - help!

Member
Posts: 2
2113     0

Hi! I am trying to get the Splunk app, https://splunkbase.splunk.com/app/3850, working in a lab. I have installed Splunk (Free version) 7.2 (also tested 7.3) on a Windows 10 machine. But my dashboard is not populated.

 

I have tried with curl to the API, and it works fine:

curl -k -i -H "Authorization: Token  <token> " "https://csp.infoblox.com/api/dnsdata/v1/dns_event?source=category&t0=1562609321&t1=1562617900&_format=cef" -s

I have followed the instructions for the app, even reinstalled Splunk in different version, as well as multiple restarts of the Splunk app. I have never worked with Splunk before, so I am a bit lost.


This is what the Infoblox Input config looks like

 

ib1.PNG


What do I do wrong? Any tips? The reason I want to try the dashboard is due to Bloxone dosen't have any reporting functions -- which I need, since we don't have a SIEM.

Re: Splunk application for BloxOne Threat Defense - help!

Adviser
Posts: 112
2114     0

Re: Splunk application for BloxOne Threat Defense - help!

Member
Posts: 2
2114     0

Hi! No, I can't find any error messages at all.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You