Wondering if anyone else is seeing this problem. I configured the Splunk add-on for Nessus without any problems. I'm able to search for Nessus events in Splunk, however, I'm not seeing all the events I'm expecting to see.
First I ran a host discovery scan in Nessus.
I then ran this search in Splunk to only pull the events from that scan:
sourcetype=nessus:scan name = "Host discovery scan"
The Nessus scan discovered 294 hosts, yet the Splunk search only returned 248 hosts. I've racked my brains trying to figure out why but came up short. Any ideas what could be happening here?
![alt text][1]
[1]: /storage/temp/92174-splunk.jpg
↧