aplura / Tango

Honeypot Intelligence with Splunk
GNU General Public License v2.0

Event processing #26

Closed davidroush closed 8 years ago

davidroush commented 8 years ago

Hello, are there any reported issues with the current versions of cowrie/splunk/uf? I seem to be having an issue processing events, when configured under "Forwarding and Receiving" no events are processed and when configured as a TCP listener under "Data Inputs" all I get is cooked data that isn't processed. This is on a fresh install of Splunk and Tango. Just wanted to make sure before I spent any more time on the issue.

brianwarehime commented 8 years ago

No reported issues so far. Other people besides myself have confirmed it's working correctly with the latest update.

I guess the first thing to try is to check out /opt/splunk/var/log/splunk/splunkd.log and search for any errors. Make sure you followed the install instructions and allowed the honeypot index to be searched by default, because that alone will make nothing show up in any of the dashboards.

Just do a free-form search in Splunk for index=* and see if any events are in there; that'll at least narrow your problem down to uf->splunk or something in Tango (which 9 times out of 10 is the permissions thing with the honeypot index not being searched).
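
The three checks Brian lists (errors in splunkd.log, the honeypot index being in the role's "Indexes searched by default", and a raw index=* search) can be scripted. The helper below is an added example, not Tango's or Splunk's own code. It assumes SPLUNK_HOME is /opt/splunk, that the role being checked is named in authorize.conf as [role_<name>] with a semicolon-separated srchIndexesDefault key (which is where the "Indexes searched by default" setting is stored), and that the CLI is reachable with -auth credentials; the sample splunkd.log lines and authorize.conf stanzas it writes are constructed for illustration and are not real Splunk output.

```shell
#!/bin/sh
# Added diagnostic helper for the checks above; not part of Tango or Splunk.
# SPLUNK_HOME, the role name and the index name are assumptions; the sample
# splunkd.log and authorize.conf written below are constructed for illustration.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Step 1: count ERROR entries in splunkd.log (prints 0 if the file is missing).
splunkd_error_count() {
    n=$(grep -c ' ERROR ' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Step 2: does ROLE's "Indexes searched by default" (srchIndexesDefault in
# authorize.conf, semicolon separated) include INDEX or the wildcard '*'?
# Returns 0 if yes, 1 if not. Dashboards that search without an explicit
# "index=" see nothing unless this is set, which is the failure Brian describes.
default_index_ok() {
    conf="$1"; role="$2"; index="$3"
    awk -v stanza="[role_$role]" -v idx="$index" '
        /^\[/ { in_role = ($0 == stanza) }
        in_role && /^srchIndexesDefault[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            n = split($0, parts, ";")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] == idx || parts[i] == "*") found = 1
            }
        }
        END { exit found ? 0 : 1 }' "$conf"
}

# Step 3: ask Splunk directly how many events each index holds (live only;
# needs CLI credentials, e.g. SPLUNK_AUTH=admin:yourpassword).
events_per_index() {
    "$SPLUNK_HOME/bin/splunk" search 'index=* | stats count by index' -auth "$SPLUNK_AUTH"
}

# Constructed sample data so the helpers can be exercised offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/splunkd.log" <<'EOF'
10-13-2015 21:05:12.301 -0400 INFO  TcpInputProc - sample: forwarder connected host=cowrie-01
10-13-2015 21:05:13.004 -0400 ERROR TcpInputProc - sample: bad cooked data from host=cowrie-01
10-13-2015 21:05:13.005 -0400 WARN  TcpInputProc - sample: connection closed host=cowrie-01
10-13-2015 21:05:20.118 -0400 ERROR IndexProcessor - sample: event for unknown index=honeypot
EOF
cat > "$SAMPLE_DIR/authorize.conf" <<'EOF'
[role_user]
srchIndexesDefault = main;honeypot

[role_power]
srchIndexesDefault = main
EOF

# Run the offline checks; set TANGO_LIVE=1 to also query the local Splunk.
echo "ERROR lines in sample splunkd.log: $(splunkd_error_count "$SAMPLE_DIR/splunkd.log")"
for r in user power; do
    if default_index_ok "$SAMPLE_DIR/authorize.conf" "$r" honeypot; then
        echo "role $r: honeypot is searched by default"
    else
        echo "role $r: honeypot is NOT searched by default (dashboards will be empty)"
    fi
done
if [ "${TANGO_LIVE:-0}" = 1 ]; then
    events_per_index
fi
```

Point the two file arguments at the real /opt/splunk/var/log/splunk/splunkd.log and /opt/splunk/etc/system/local/authorize.conf (or the app-level copy your role is defined in) to run it against a live install; if step 1 shows forwarder errors the problem is on the uf->splunk side, and if step 2 fails for the role your dashboard user has, that is the permissions issue Brian points to.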

davidroush commented 8 years ago

Thanks for the response Brian. There had to be something broken in my Splunk installation, a reinstall of the server took care of it. Appreciate your help.

David

On Tue, Oct 13, 2015 at 9:10 PM, Brian Warehime notifications@github.com wrote:


brianwarehime commented 8 years ago

Awesome, glad you got it working. Please let me know of any other issues you come across!