I have installed the Sophos on Add for Splunk (https://splunkbase.splunk.com/app/4096/ ) on HF
I am able to receive the events perfectly but i get the below error when i configure it to pull alerts:
2020-03-05 11:52:19,263 ERROR pid=176598 tid=MainThread file=base_modinput.py:log_error:307 |
I have upgraded to the latest version.
Now, its polls data one-twice in a day although polling interval is set at 30 seconds.
Most of the times, it fails but once or twice, the request goes through and pulls all the data ( there is no gap in the data)