I have installed the Sophos Add-on for Splunk (https://splunkbase.splunk.com/app/4096/) on HF.
I am able to receive the events perfectly, but I get the below error when I configure it to pull alerts:
2020-03-05 11:52:19,263 ERROR pid=176598 tid=MainThread file=basemodinput.py:logerror:307 |
I am having the exact same issue. Did you manage to figure it out?
I have upgraded to the latest version.
Now it polls data once or twice a day, although the polling interval is set at 30 seconds.
Most of the time it fails, but once or twice the request goes through and pulls all the data (there is no gap in the data).