All Apps and Add-ons

Found an error when run adaptive response actions in Splunk ES to send notable events to Splunk Phantom

nareerat_pr
Explorer

I tried to run adaptive response actions from the Incident Review page in Splunk ES to send a notable event to Splunk Phantom, the notable event is sent but there is no artifact on the container then I found the error log as the picture below.

error-log.png

Today I try to run this adaptive response with the same notable event again, there is no error and the container is sent to Splunk Phantom with all artifacts.

Has anyone found this error before? I want to know how to prevent this error.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...