Hi Team,
I am planning to integrate FireEye HX and Splunk, and for that I have installed the app "FireEye App for Splunk Enterprise v3 | Splunkbase" from Splunkbase on the Heavy Forwarder and the Search Head.
Also, as mentioned in the document, I performed the steps below.
On the internal index I could see the error below, and the logs are not appearing in Splunk.
ERROR SearchOperator:kv [17796 TcpChannelThread] - Cannot compile RE \"<malware\sname=\"(?<malware_name>[\w-\.]{1,30})\"\s*(sid=\"(?<malware_sid>\d*)")?\s*(stype=\"(?<malware_stype>[\w-]{1,30})\")?\" for transform 'EXTRACT-malware-info_for_fireeye': Regex: invalid range in character class.
Any assistance with this issue will be much appreciated.
Can anyone please assist with this error?
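Added example (not from the original post or the FireEye app): a Python check that reproduces the "invalid range in character class" failure for the transform's regex and shows the same extraction working once the hyphen is moved to the end of the character class, where it is a literal. Python's re rejects \w as a range endpoint just as PCRE2 (used by Splunk 9 and later) does; the pattern is transcribed with Python's (?P<name>) group syntax, and the sample events are constructed.

```python
import re

# Regex from the error message, transcribed with Python's (?P<name>) group syntax
# (Splunk writes (?<name>); the character classes are identical).
# Python's re, like PCRE2 in Splunk 9+, refuses \w as an endpoint of a range,
# so "[\w-\.]" is reported as a bad character range.
BROKEN_PATTERN = (
    r'<malware\sname="(?P<malware_name>[\w-\.]{1,30})"\s*'
    r'(sid="(?P<malware_sid>\d*)")?\s*'
    r'(stype="(?P<malware_stype>[\w-]{1,30})")?'
)

# Same extraction with the hyphen moved to the end of the class, where every
# regex flavour reads it as a literal '-' (escaping it as \- also works).
FIXED_PATTERN = (
    r'<malware\sname="(?P<malware_name>[\w.-]{1,30})"\s*'
    r'(sid="(?P<malware_sid>\d*)")?\s*'
    r'(stype="(?P<malware_stype>[\w-]{1,30})")?'
)


def compiles(pattern: str) -> bool:
    """Return True if the regex engine accepts the pattern."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def extract_malware_info(line: str, pattern: str = FIXED_PATTERN):
    """Return the named capture groups for a matching line, or None."""
    match = re.search(pattern, line)
    return match.groupdict() if match else None


# Constructed sample events in the shape the transform expects; not real HX data.
SAMPLE_FULL = '<malware name="Trojan.Generic-1" sid="12345" stype="exe"/>'
SAMPLE_NO_SID = '<malware name="Eicar.Test" stype="file"/>'

if __name__ == "__main__":
    print("broken compiles:", compiles(BROKEN_PATTERN))  # False
    print("fixed compiles:", compiles(FIXED_PATTERN))    # True
    print(extract_malware_info(SAMPLE_FULL))
    print(extract_malware_info(SAMPLE_NO_SID))
```

The same change applied to the EXTRACT-malware-info_for_fireeye regex in the app's props.conf (in a local override, so an app upgrade does not revert it) removes the compile error.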
Error message:
ERROR TcpInputProc [11836 FwdDataReceiverThread] - Message rejected. Received unexpected message of size=1009989438 bytes from src=xx.xx.xx.xx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.
Here is my inputs.conf:
[udp://xx.xx.xx.xx:876]
connection_host = dns
host = xxxxxx
index = yyyyyy
sourcetype = hx_cef_syslog
Can anyone please help?