Splunk® Supported Add-ons

Splunk Add-on for McAfee Web Gateway

Troubleshoot the Splunk Add-on for McAfee Web Gateway

General troubleshooting

For helpful troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.

Warning while trying to import the LogHandler

If you import the newly updated LogHandler in a version of Mcafee Web Gateway older than 10.0, you'll see import errors that state "Ruleset migration failed, Can not perform as instructed when Upgrading the LogHandler for the Splunk Add-on for McAfee Web Gateway. You can ignore this warning message and proceed as per the instructions stated inthe Upgrade Log Handler section.

Data ingestion problems

Verify that you configured the input correctly by confirming that:

  • You configured the correct IP address of the Splunk platform node that is responsible for data collection in your McAfee Web Gateway configuration.
  • You configured the port in your McAfee Web Gateway configuration to match the port you configured in your Syslog input configuration.
  • Your port for this input does not conflict does not conflict with any other inputs.
  • You configured your syslog input to set the source type to mcafee:wg:kv.
  • You are searching the correct index. By default, this add-on uses the main index.
Last modified on 08 February, 2022
Configure inputs for the Splunk Add-on for McAfee Web Gateway   Lookups for the Splunk Add-on for McAfee Web Gateway

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters