What controls the number of active hosts in the Splunk GUI? I have thousands of hosts but Splunk is saying only 2000+ Active hosts.
What version of the Splunk App are you using? There is a bug in < 1.1 that could cause something like this; 1.1.1 seems to have it fixed.
I am running 1.0. I will load up 1.1.1 in our new environment and test.
Could you please provide a link to the right version of the app?
Qualys Splunk app
That is in the TAM community, so it may need to be accessed by your TAM. I don't think we've published it to the Splunk Marketplace yet.
Just installed version 1.1.1 but the number of Active hosts is still far different than when I do an asset search in Qualys.
It can take a while for the feed to pull all the data... How long have you given it?
Since last Friday....:)
Go to Settings -> Data Inputs -> Script... Change the interval from a cron-style format to 60 (run every 60 seconds). Let it run and see if it starts to catch up.
I found the Multi-threaded feature in the App to be useful for download performance.