Powered by

# Troubleshooting

There can be many issues when setting up a new app/add-on in Splunk. Below highlights the most common issues with this Add-on. Don't see your issue? Submit a new issue on Github.

Issue Description Solution
Multiple asset merge It is possible that some of your devices share a common key field (dns, ip, mac, nt_host) which will cause merging by default. See the Asset Merge Solutions for ways to improve the merging behavior.
Asset Database not populating with CrowdStrike Data The asset database may show no CrowdStrike data if the initial search has not run to build the asset database or the default macro has not been updated. Verify the default macro has the correct index definition (see Update Default Macro). Also see Force build to build the CrowdStrike assets lookup before the first scheduled run.