Closed mackwage closed 9 years ago
Would you be able to message me on google chat? I think troubleshooting might go a little faster that way. brianwarehime@gmail.com
Thanks!
Sure thing! Just did. Thank you much!
This was resolved! Kippo was using a new format of JSON which isn't yet supported by Tango. Reverted back to old version and updated inputs.conf for the forwarder and all is well. @brianwarehime also updated the repo so it would revert back to older version for future installs.
Sorry if this is more of a Splunk issue but wanted to start here. :)
I have my sensors set up and logging back to Tango within Splunk. In Tango, I can see my sensors within Sensor Mgmt. If I go to Splunk Search and Reporting, I can see the kippojson logs.
However, when navigating through the dashboards, I get no results found.
When I see the logs, most of them are logon attempts but when I go to the username/password analysis page, I get no results there as well.
I followed the server instructions on the main page; Tango is added to the default search index for my user.