Troubleshoot the Splunk Add-on for McAfee Web Gateway
General troubleshooting
For helpful troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.
Warning while trying to import the LogHandler
If you import the newly updated LogHandler in a version of Mcafee Web Gateway older than 10.0, you'll see import errors that state "Ruleset migration failed, Can not perform as instructed when Upgrading the LogHandler for the Splunk Add-on for McAfee Web Gateway. You can ignore this warning message and proceed as per the instructions stated inthe Upgrade Log Handler section.
Data ingestion problems
Verify that you configured the input correctly by confirming that:
- You configured the correct IP address of the Splunk platform node that is responsible for data collection in your McAfee Web Gateway configuration.
- You configured the port in your McAfee Web Gateway configuration to match the port you configured in your Syslog input configuration.
- Your port for this input does not conflict does not conflict with any other inputs.
- You configured your syslog input to set the source type to
mcafee:wg:kv. - You are searching the correct index. By default, this add-on uses the
mainindex.
Last modified on 08 February, 2022
| Configure inputs for the Splunk Add-on for McAfee Web Gateway | Lookups for the Splunk Add-on for McAfee Web Gateway |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!