All Apps and Add-ons

Getting checkpointer error for alerts in Sophos Add-on for splunk

ajaycitrus
New Member

I have installed the Sophos on Add for Splunk (https://splunkbase.splunk.com/app/4096/ ) on HF

I am able to receive the events perfectly but i get the below error when i configure it to pull alerts:

2020-03-05 11:52:19,263 ERROR pid=176598 tid=MainThread file=base_modinput.py:log_error:307 |
{"has_more":false,"next_cursor":"xxxxxxxxLTAzLTA1VDEwOjUyOjE5LjIwM1o=","items":[]}

0 Karma

eegiievol
Explorer

Could you please help me. Is there anything else I have to modify except inputs.conf. I have trouble getting data onboard. 

0 Karma

konstr
Path Finder

I am having the exact same issue, did you manage to figure it out?

0 Karma

ajaycitrus
New Member

I have upgraded to the latest version.

Now, its polls data one-twice in a day although polling interval is set at 30 seconds.
Most of the times, it fails but once or twice, the request goes through and pulls all the data ( there is no gap in the data)

0 Karma
Get Updates on the Splunk Community!

Customer Experience | Splunk 2024: New Onboarding Resources

In 2023, we were routinely reminded that the digital world is ever-evolving and susceptible to new ...

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

Today and every day, Splunk celebrates the importance of customer experience throughout our product, ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...