All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cisco AMP for Endpoints Events Input: Saving a new Input returns status 404

taasai
New Member
‎11-26-2017 09:52 PM

Hi,
WHen I am trying to save a new Input, the following response is coming back.
"Input could not be saved:
the server responded with status 404"

I just copied and pasted the API I and the API Key that were shown on the AMP Console GUID, host name is "api.apjc.amp.cisco.com" as long as I use the APJC AMP tower. I checked the following document.
https://api-docs.amp.cisco.com/

Does anyone know how to configure and save the info?

0 Karma
Reply

jgedeon_splunk
Splunk Employee
Splunk Employee
‎02-02-2018 04:10 PM

It looks like this issue should be fixed in the next release version, the fix is here:

https://github.com/Cisco-AMP/amp4e_splunk_events_input/issues/1

0 Karma
Reply

hardikJsheth
Motivator
‎11-27-2017 04:14 AM

What error are you getting when you perform save operation in splunkd.log?

0 Karma
Reply

taasai
New Member
‎11-27-2017 06:29 AM

do you mean this file?
"source = /opt/splunk/var/log/splunk/splunkd.log"
I got no entry for the file when I save. But I got the following

2017-11-27 23:12:23,566 ERROR Amp4eEvents - API Error (status 400): {"version":"v1.2.0","metadata":{"links":{"self":"https://api.apjc.amp.cisco.com/v1/event_streams"}},"data":{},"errors":[{"error_code":400,"descriptio... Request","details":["the server responded with status 404"]}]}
host = localhost.localdomain source = /opt/splunk/var/log/splunk/amp4e_events_input.log sourcetype = amp4e_events_input-2

2017-11-27 23:12:23,566 INFO Amp4eEvents - Received response from ApiService (400)
host = localhost.localdomain source = /opt/splunk/var/log/splunk/amp4e_events_input.log sourcetype = amp4e_events_input-2

2017-11-27 23:12:22,672 INFO Amp4eEvents - ApiService - creating stream with params {'group_guid': [], 'name': u'host', 'event_type': [u'1090519054']}
host = localhost.localdomain source = /opt/splunk/var/log/splunk/amp4e_events_input.log sourcetype = amp4e_events_input-2

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...