Splunk® App for Splunk Attack Analyzer

User Guide

Troubleshoot the Splunk App for Splunk Attack Analyzer

Here are some common issues when using the Splunk App for Splunk Attack Analyzer and how to resolve them.

Data not appearing on the dashboards

If data isn't appearing in the dashboards or dashboard panels, perform the following steps to find the issue.

Cause

The index for the Splunk Add-on for Splunk Attack Analyzer input doesn't contain data for the time frame set for the dashboard.

Solution

  1. If there is data in the index, check that the saa_indexes macro is configured correctly. Example macro content for single index: (index=saa_data). Example macro content for two indices: (index=saa_data or index=saa_data_old). See Configure macros in the Splunk App for Splunk Attack Analyzer for more information.
  2. If the index still doesn't show any data, the issue might be with the Splunk Add-on for Splunk Attack Analyzer. For more information on troubleshooting the Splunk Add-on for Splunk Attack Analyzer, see Troubleshoot the Splunk Add-on for Splunk Attack Analyzer.
Last modified on 30 August, 2023
Executive Overview dashboard   What's new in the Splunk App for Splunk Attack Analyzer

This documentation applies to the following versions of Splunk® App for Splunk Attack Analyzer: 1.0.0, 1.1.0, 1.1.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters