All Apps and Add-ons

Disable Autofocus feature in Splunk App and TA

wild0104
Explorer

We're running Splunk 6.6.1 doing both search head and indexer clustering, I recently upgraded the Palo Alto Networks App to v5.4.0 and the Palo Alto Networks Add-on for Splunk to v3.8.0. After doing this and deploying it out to the search heads and indexers they are getting the following errors:

Search Heads:
Search peer sh-server-1 has the following message: Unable to initialize modular input "autofocus_export" defined inside the app "Splunk_TA_PaloAlto": Introspecting scheme=autofocus_export: script running failed (exited with code 1).

Indexers:
Search peer idx-server-1 has the following message: Unable to initialize modular input "autofocus_export" defined inside the app "Splunk_TA_PaloAlto": Unable to locate suitable script for introspection.

After reading about the Autofocus feature it doesn't appear to be something that we need or would use, but seems to be generating the errors above. I'd like to just disable it so it stops throwing the errors, but can't seem to find any documentation other than how to configure/set it up on the Palo Alto Networks documentation.

Any assistance would be greatly appreciated.

Thanks,
Jacob

wild0104
Explorer

I upgraded The Splunk_TA_paloalto to v3.8.1 and the SplunkforPaloAltoNetworks App to v5.4.1 and this resolved my errors.

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @wild0104, I converted this to an answer awaiting "√Accept" if you'd like to accept it as the solution.

0 Karma

caseypike
Path Finder

I am running Splunk 6.6.1 and Splunk_TA_palo 3.8.1 and still get the Unable to initialize modular input "autofocus_export" defined inside the app "Splunk_TA_PaloAlto": Unable to locate suitable script for introspection. on my indexers...

abhinav_maxonic
Path Finder

Did you find any solution to this problem?

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...