Splunk® Supported Add-ons

Splunk Add-on for Symantec Endpoint Protection

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Troubleshoot the Splunk Add-on for Symantec Endpoint Protection

General troubleshooting

For troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.

Cannot launch add-on

This add-on does not have views and is not intended to be visible in Splunk Web. If you are trying to launch or load views for this add-on and you are experiencing results you do not expect, turn off visibility for the add-on.

For more details about add-on visibility and instructions for turning visibility off, see Check if the add-on is intended to be visible or not in the Splunk Add-ons Troubleshooting topic.

Access the internal log files

To access the internal logs produced by this add-on, run this search.

index=_internal source="*ta_symantec-ep.log"

Malware categories are not up to date

If you have enabled the automatic updates for the malware category lookup file, but you notice that the data does not appear to be up to date, verify your automatic updates are successfully configured.

Check your $SPLUNK_HOME/etc/apps/Splunk_TA_symantec-ep/local/inputs.conf on your search heads to ensure that the scripted input is in the file and enabled (disabled = 0). If it is missing, you can set it up again in the UI or you can copy the relevant stanza from $SPLUNK_HOME/etc/apps/Splunk_TA_symantec-ep/default/inputs.conf and change disabled = 1 to disabled = 0.

Last modified on 09 January, 2023
PREVIOUS
Configure Symantec Endpoint Manager inputs for the Splunk Add-on for Symantec Endpoint Protection
  NEXT
Source types for the Splunk Add-on for Symantec Endpoint Protection

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters