Re: Getting checkpointer error for alerts in Sopho...

ajaycitrus · ‎03-05-2020

I have installed the Sophos on Add for Splunk (https://splunkbase.splunk.com/app/4096/ ) on HF

I am able to receive the events perfectly but i get the below error when i configure it to pull alerts:

2020-03-05 11:52:19,263 ERROR pid=176598 tid=MainThread file=base_modinput.py:log_error:307 |
{"has_more":false,"next_cursor":"xxxxxxxxLTAzLTA1VDEwOjUyOjE5LjIwM1o=","items":[]}

eegiievol · ‎09-02-2020

Could you please help me. Is there anything else I have to modify except inputs.conf. I have trouble getting data onboard.

konstr · ‎03-26-2020

I am having the exact same issue, did you manage to figure it out?

ajaycitrus · ‎03-28-2020

I have upgraded to the latest version.

Now, its polls data one-twice in a day although polling interval is set at 30 seconds.
Most of the times, it fails but once or twice, the request goes through and pulls all the data ( there is no gap in the data)

Getting checkpointer error for alerts in Sophos Add-on for splunk

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation