Solved: Code42 402 Errors for API calls

frankwayne · ‎02-21-2019

When the input add-on calls the below API URL, it gets a 402 error. (About 100,000 at a time, in our case.) What is the missing licensing requirement? And how would you turn this off, if you weren't licensed for it?

https://<host>:4285/c42api/v3/SecurityEventsLocation?userUid=<some-uid>;

aplura_llc_supp · ‎02-22-2019

If you are not licensed for Security Events (to determine your licensing levels, please contact Code42 Sales), or to remove the errors, you need to uncheck the Security box from the Modular Input configuration. Those calls are only made during collection of security events.

View solution in original post

aplura_llc_supp · ‎02-22-2019

If you are not licensed for Security Events (to determine your licensing levels, please contact Code42 Sales), or to remove the errors, you need to uncheck the Security box from the Modular Input configuration. Those calls are only made during collection of security events.

frankwayne · ‎02-22-2019

Thank you. That solved the problem.

Code42 402 Errors for API calls

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation