All Apps and Add-ons

Cisco AMP for Endpoints Events Input is not having any input. Stuck at Please wait.

jet1276
Path Finder

Cisco AMP for Endpoints Events Input is stuck at "Please Wait" for all the tabs, Input, New Input and Configuration.

I can not perform any configuration or Input.

0 Karma

jscraig2006
Communicator

I know its been awhile for this question. I had the same issue.
1. Validate that outbound http is allowed from your splunk server
2. curl -k -X GET -H 'accept:application/json' -H 'content-type:application/json' --compressed -H 'Accept-Encoding:gzip,deflate' -u <THIRD_PARTY_API_KEY>:<API_KEY> 'https://api.amp.cisco.com/v1/computers'

If you get a list of computers back then you are good.
Locate base_connection.py under etc\apps\amp4e_events_input\bin\pika\adapters and look for DO_HANDSHAKE = True and change it to False
Restart Splunk

deepashri_123
Motivator

Hey @jet1276,

Please refer this doc and also check if the pre-requisites are met
https://splunkbase.splunk.com/app/3670/#/details

0 Karma

jet1276
Path Finder

Hi @deepashri_123,

I have gone through all the details and pre-requisites and all the properties are met.

I have all the details from API, key and Clinet ID. But the only thing is after installing the App I am not getting the Input tab.

0 Karma

p_gurav
Champion

Are you using clustered environment or single instance?

0 Karma

jet1276
Path Finder

@p_gurav

It's running on Single instance. And I even tried installing in different versions of splunk. But everywhere I'm getting the same result.

0 Karma