Hey Jimmy. I submitted a request to my Splunk team to set this up and they came back to me with this:
“The Bigfix app appears to have been built with a Django dependency for the input and configuration views of this app. . .Django is not supported from Splunk version 7.3 forward. I am unable to open the input and configuration views of this app on Splunk 7.3.2. We are upgrading to Splunk 7.3.2 at the first of the year.”
The add-on was built using the Splunk Add-on Builder and I haven’t had a chance to test on Splunk 7.3 since its release. I will have to get back to you on that.
I am pleased to announce that thanks to the COVID-19 lockdown and working from home, I made time to complete the scalable version of the BigFix TA. Version 2.0.0 is available.
I would recommend anyone who used the previous version of the TA do a clean installation of the newer version to ensure there aren’t remnants of the older version that could give you trouble. If you run into any issues or have questions, feel free to post them here or open an issue on GitHub.
After many, many weeks, I finally took some time to update the add-on to be compatible with Python 3, which allows for installation and use of the add-on on Splunk Enterprise 8.0+. I encourage any Splunk users to download and collect information using this add-on because, honestly, I need actual QA on large environments so I know if adjustments need to be made to either the Python, the relevance, or both.
I also encourage any feedback or recommendations on new inputs or other information you would want to get from a BigFix deployment.
@TrevorHikes It should scale better now in larger environments but I don’t have any feedback on users who have implemented the current version. On the same token, I haven’t heard anything negative either so I don’t have a firm answer at the moment.
The raw component logs are ingestible using a universal forwarder (a sample inputs.conf is included in the TA), but the modular inputs of the TA are providing more information than the local client logs do. The local logs show performance of the clients themselves but not client information, which is what the modular inputs are providing.