All Apps and Add-ons

Cisco AMP for Endpoints Events Input is not having any input. Stuck at Please wait.

jet1276
Path Finder

Cisco AMP for Endpoints Events Input is stuck at "Please Wait" for all the tabs, Input, New Input and Configuration.

I can not perform any configuration or Input.

0 Karma

jscraig2006
Communicator

I know its been awhile for this question. I had the same issue.
1. Validate that outbound http is allowed from your splunk server
2. curl -k -X GET -H 'accept:application/json' -H 'content-type:application/json' --compressed -H 'Accept-Encoding:gzip,deflate' -u <THIRD_PARTY_API_KEY>:<API_KEY> 'https://api.amp.cisco.com/v1/computers'

If you get a list of computers back then you are good.
Locate base_connection.py under etc\apps\amp4e_events_input\bin\pika\adapters and look for DO_HANDSHAKE = True and change it to False
Restart Splunk

deepashri_123
Motivator

Hey @jet1276,

Please refer this doc and also check if the pre-requisites are met
https://splunkbase.splunk.com/app/3670/#/details

0 Karma

jet1276
Path Finder

Hi @deepashri_123,

I have gone through all the details and pre-requisites and all the properties are met.

I have all the details from API, key and Clinet ID. But the only thing is after installing the App I am not getting the Input tab.

0 Karma

p_gurav
Champion

Are you using clustered environment or single instance?

0 Karma

jet1276
Path Finder

@p_gurav

It's running on Single instance. And I even tried installing in different versions of splunk. But everywhere I'm getting the same result.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...