topic Re: Nothing gets indexed for unknown reason in Getting Data In

Nothing gets indexed for unknown reason

splunk0 — Tue, 29 Sep 2020 18:41:09 GMT

All I see in the log is:

log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2553 :INFO: Successfully create session
[ 161687680][25 Mar 14:30:54] get_pkxld_path: cpshared_filename failed
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2596 :INFO: lea_get_first_file_info returned 4
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2597 :INFO: Available FW-1 Logfiles
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399793794 aID 1399793794
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399814080 aID 1399814080
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399829518 aID 1399829518
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399841761 aID 1399841761
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399852792 aID 1399852792

Re: Nothing gets indexed for unknown reason

tiagofbmm — Sun, 25 Mar 2018 18:43:36 GMT

We need more info about this. What were you trying to ingest? Can you search the internal indexes or the log you are showing is from a tail in the command line?

What is your environment, standalone, distributed?

Re: Nothing gets indexed for unknown reason

splunk0 — Tue, 29 Sep 2020 18:41:12 GMT

I just followed this guide:
https://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Troubleshoot

The logs in the original post are from splunk_ta_checkpoint-opseclea_modinput.log
just continues with the same type of message:
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID aID
countless of times but nothing gets logged to index=opsec

The beginning of the file shows: get_pkxld_path: cpshared_filename failed
Maybe that is an indecation for something?

Does it matter if its standalone or not? I don't think it matters.

Re: Nothing gets indexed for unknown reason

splunker12er — Tue, 03 Apr 2018 07:24:49 GMT

Do you manage this checkpoint device ?

check this link for the error message
The HKLM_registry.data file is corrupted.

Re: Nothing gets indexed for unknown reason

splunk0 — Wed, 18 Apr 2018 08:40:23 GMT

I eventually just deleted all and installed from the Wen Interface. It works fine.

Re: Nothing gets indexed for unknown reason

splunk0 — Wed, 18 Apr 2018 08:40:53 GMT

I eventually just deleted all and installed from the Wen Interface. It works fine.

Re: Nothing gets indexed for unknown reason

richgalloway — Wed, 18 Apr 2018 15:29:33 GMT

@splunk0 If your problem is resolved, please accept an answer to help future readers.