Open testernoobkali opened 6 years ago
Hey! So, I haven't touched this in a long time, so, not sure where to even begin. Did you ensure that the index was readable by all and searched by default?
You'll need to allow users to search the 'honeypot' index by default. To do this, go into “Settings”, then “Access Controls”, then “Roles”, “Admin”, then scroll all the way down to “Indexes Searched by Default”, then add honeypot to the right-hand column.
Are you talking about this ?
So i have the app installed on my splunk server and added the token and setup the http://mysplunkserverip:9997/ and the location of the log of cowrie .. i am not sure about the forward logs url .. is that the correct format ?
Hey, Thank you for the tango add on! I have having some issues with splunk receiving logs from the honeypot, can you please provide some help here. I have followed your readme and installed all of the required packages. Been on this all day :(