All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

AbuseIPdb_check syntax and usage

cybermonday
Explorer
‎02-09-2021 11:05 PM

The Splunk app AbuseIPdb_check (https://splunkbase.splunk.com/app/4903) is not working as expected after copying the config.json file to this app's local directory and putting my AbuseIPDB API key.


I have tried with syntax as below - 

| makeresults | eval ip="94.201.237.206" | abuseip ipfield=ip

| makeresults | eval ip="94.201.237.206" |abuseip(ip)

The error on Splunk web is -- Error in 'script': Get info probe failed for external search command 'abuseip'. 

i did not find anything relevant as a pointer when checked in Splunk _internal logs for this. 

Under all configuration "abuseip" is mentioned as config type - command with enabled status and global sharing permissions. 

 

Has it worked for anyone? any direction/solution pointer would be appreciable.  

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!