Searching Connect Data

Tripwire Connect stores the raw data collected from Tripwire Enterprise and/or IP360 in Splunk base indexes created by the Connect App. It then uses this data to build lookups, summary indexes, and data models. These components are documented in The Tripwire Connect Schema on page 1.

You can query this data using Splunk Search Processing Language (SPL) in the Tripwire Connect App or the Splunk Search &Reporting App to analyze data or create a new report or dashboard. For more information about using SPL, see:

https://www.splunk.com/en_us/resources/searchprocessing-language.html

To learn more about running a search or creating reports and dashboards, see:

https://docs.splunk.com/Documentation/Splunk/9.0.2/SearchTutorial/
WelcometotheSearchTutorial

To search your Connect data:

1.

From Splunk Home, click Tripwire Connect or Search & Reporting in the Apps panel.

In either app, this opens the Search Summary view.

2.

Enter your SPL query in the search field to search.