Recently Viewed Topics
Troubleshooting
-
I am getting a Splunk error.
-
Check the $SPLUNK_HOME/var/log/splunk/splunkd.log for Splunk related errors. If you see errors, contact your Splunk administrator.
Note: Your must set your SPLUNK_HOME environment.
-
-
I don’t see data after setting up mod input.
- For Tenable.io mod-input, check the $SPLUNK_HOME/var/log/splunk/ta_tenable_tenable_io.log file.
- For Tenable.sc mod-input, check the $SPLUNK_HOME/var/log/splunk/ta_tenable_tenable_securitycenter.log .
- For Tenable.sc mobile mod-input, check the $SPLUNK_HOME/var/log/splunk/ta_tenable_tenable_securitycenter_mobile.log file.
-
Data is not populating in the Tenable App dashboards.
-
Run an All Time saved search for Tenable.io or Tenable.sc. After running the All Time saved search, turn on and schedule a saved search.
- Try expanding the time range from the last 24 hours.
- Check the Tenable macro (get_tenable_index) and ensure the Tenable index is set correctly.
-
The dashboard can take some time to populate when data collection is started. We To ensure you are receiving all data:
-
search `get_tenable_index` | stats count by source type
-
You should see the following source types: tenable:io:vuln, tenable:io:assets, tenable:sc:vuln"\, tenable:sc:plugin, tenable:sc:assets, tenable:sc:mobile:vuln, tenable:sc:mobile:assets, tenable:nnm:vuln.
-
Check the log file for any errors - $SPLUNK_HOME/var/log/splunk/splunkd.log
-
-
-
While running Tenable.io, I get the following error: ERROR pid=106020 tid=MainThread file=io_connect.py:__checkResponse:83 | Tenable Error: response: Duplicate export not allowed. Please modify request or wait until existing export is complete.
- You must create a new, unique user and API login to use in Splunk.