All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to complete Fireeye HX and Splunk Integration?

spl10
Explorer
‎11-15-2022 03:48 AM

Hi Team,

I am planning to integrate Fireeye HX and Splunk and for the same I have installed the app from Splunk Base "FireEye App for Splunk Enterprise v3 | Splunkbase" on Heavy Forwarder and Search Head.

Also as mentioned in the document performed the below steps 

  • The HX appliance logging cannot be set from the GUI as of right now, please use the CLI:
    hostname # logging <remote-IP-address> trap none
    hostname # logging <remote-IP-address> trap override class cef priority info
    hostname # write mem

On internal index I could see the below error and logs are not reflecting on Splunk

ERROR SearchOperator:kv [17796 TcpChannelThread] - Cannot compile RE \"<malware\sname=\"(?<malware_name>[\w-\.]{1,30})\"\s*(sid=\"(?<malware_sid>\d*)")?\s*(stype=\"(?<malware_stype>[\w-]{1,30})\")?\" for transform 'EXTRACT-malware-info_for_fireeye': Regex: invalid range in character class.

Any assistance for this issue will be much appreciated

Labels (1)
Labels
0 Karma
Reply

spl10
Explorer
‎12-07-2022 05:16 AM

can anyone please assist for this error?

Error message

ERROR TcpInputProc [11836 FwdDataReceiverThread] - Message rejected. Received unexpected message of size=1009989438 bytes from src=xx.xx.xx.xx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

Here is my inputs.conf

[udp://xx.xx.xx.xx:876]
connection_host = dns
host = xxxxxx
index = yyyyyy
sourcetype = hx_cef_syslog

0 Karma
Reply

spl10
Explorer
‎11-17-2022 01:26 AM

Can anyone please help?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...