Closed JonathanPhillips closed 9 years ago
So, I definitely need to add this to the documentation, since it’s come up a few times. But, it’s an easy fix. So, out of the box, Splunk won’t search indexes that aren’t ‘main’, meaning, anything in the ‘honeypot’ index won’t be searched by default. You will need to go into “Settings”, then “Access Controls”, then “Roles”, “Admin”, then scroll all the way down to “Indexes Searched by Default”, then add honeypot to the right-hand column.
Hope that helps. If it doesn’t resolve the issue, please let me know.
On April 29, 2015 at 1:13:21 PM, JonathanPhillips (notifications@github.com) wrote:
I've got the Tango App installed on my Splunk server and 3 kippo honeypots. 2 were existing in which I just installed the UF only and 1 is brand new..new kippo and uf install per the default Tango installation.
I'm not seeing anything show up in the Tango app on Splunk. I don't have much experience with Splunk yet... What logs in Splunk can I look at for troubleshooting?
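The role change described in the reply can also be made in configuration instead of through the Settings pages. This is an added example, not part of the original thread or the Tango project; the file location and the choice to keep `main` in the list are assumptions, and the index name `honeypot` is the one named in the reply.

```ini
# Assumed location: $SPLUNK_HOME/etc/system/local/authorize.conf on the search head.
# File-based equivalent of Settings > Access Controls > Roles > admin >
# "Indexes Searched by Default". Restart Splunk after editing.

[role_admin]
# Indexes searched when a query does not name an index.
# With only "main" here, dashboards whose searches omit index=... never
# see events stored in the honeypot index.
# Before: srchIndexesDefault = main
srchIndexesDefault = main;honeypot

# To confirm the forwarders are delivering data regardless of this setting,
# name the index explicitly in the search bar:
#   index=honeypot | stats count by host, sourcetype
# Events returned here but an empty app points to the default-index setting;
# no events at all points to the forwarder or input configuration instead.
```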