Troubleshoot the Splunk Add-on for OSSEC
Data ingestion problems
Verify that you have configured the input correctly by confirming that:
- you have configured, in your OSSEC configuration file, the correct IP address of the Splunk platform node responsible for data collection.
- the port that you configured in your OSSEC configuration file matches the port you configured in your syslog input configuration.
- the port that you are using for this input does not conflict with any other inputs.
- your syslog input is configured to set the source type to
- you are searching the correct index. By default, this add-on uses the
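The IP address, port, conflict and source type checks above can be scripted. The sketch below is an added example, not part of the add-on or of Splunk's documentation. It assumes OSSEC's `<syslog_output>` block with `<server>` and `<port>` elements, Splunk `[udp://...]` and `[tcp://...]` stanzas in inputs.conf, and a caller-supplied expected source type; all sample values are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample files: the address, ports and source type are placeholders.
OSSEC_CONF = """<ossec_config><syslog_output>
  <server>192.0.2.10</server><port>5514</port>
</syslog_output></ossec_config>"""
INPUTS_CONF = """[udp://514]
sourcetype = syslog
[udp://5514]
sourcetype = EXPECTED_SOURCETYPE
[udp://5514]
sourcetype = syslog
"""

def ossec_targets(text):
    """Return (server, port) for each <syslog_output> block; port defaults to 514."""
    root = ET.fromstring("<root>" + text + "</root>")  # tolerate several top-level blocks
    return [(o.findtext("server", "").strip(), int(o.findtext("port", "514")))
            for o in root.iter("syslog_output")]

def network_inputs(text):
    """Return (protocol, port, settings) for each [udp://...] or [tcp://...] stanza."""
    stanzas, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"\[(udp|tcp)://(?:[^\]:]*:)?(\d+)\]$", line)
        if m:
            current = {}
            stanzas.append((m.group(1), int(m.group(2)), current))
        elif line.startswith("["):
            current = None  # some other input type; ignore its settings
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def check(ossec_text, inputs_text, splunk_ip, sourcetype):
    """List every mismatch between the OSSEC output and the Splunk network inputs."""
    findings, inputs = [], network_inputs(inputs_text)
    for server, port in ossec_targets(ossec_text):
        on_port = [s for s in inputs if s[1] == port]
        if server != splunk_ip:
            findings.append(f"server {server} is not {splunk_ip}")
        if len(on_port) != 1:
            findings.append(f"port {port} appears in {len(on_port)} input stanzas, expected 1")
        for proto, _, cfg in on_port:
            if cfg.get("sourcetype") != sourcetype:
                findings.append(f"{proto} input on {port} has sourcetype {cfg.get('sourcetype')}")
    return findings
```

Pass the concatenated inputs.conf text from every app on the collecting node so that a stanza defined twice shows up as a conflict.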
This documentation applies to the following versions of Splunk® Supported Add-ons: released