All Apps and Add-ons

How to troubleshoot error "File contains no section headers" for the SA-SPLICE app?

jlockie
New Member

I am getting the following in our Splice logs

05-21-2015 11:10:57.421 -0700 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Splice\bin\taxii.py"" '\xef\xbb\xbf\n'
05-21-2015 11:10:56.919 -0700 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Splice\bin\taxii.py"" file: C:\Program Files\Splunk\etc\apps\SA-Splice\local\splice.conf, line: 1
05-21-2015 11:10:56.919 -0700 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Splice\bin\taxii.py"" ERRORFile contains no section headers.

I have MongoDB configured, and I can connect remotely using mongo.exe without credentials. I created the database "SPLICE" and I have the Splice app configured as such: mongodb://localhost:27017/SPLICE (mongodb is running on my Splunk server).
The IOC feed I am trying to connect to is the built-in "hailataxii" feed.

Does anyone have the first clue about these errors? Is this because I am running Splice in a Splunk Windows environment?

Tags (1)
0 Karma
1 Solution

cleroux_splunk
Splunk Employee
Splunk Employee

Splice has not been tested in Windows environment - it doesn't necessarily means that it doesn't works in such environments, just we don't know for sure!

According to the error I'm seeing here (File contains no section headers), make sure your splice.conf has the following format:

[splice]
mongo_connection_uri = mongodb://localhost:27017/splice

View solution in original post

cleroux_splunk
Splunk Employee
Splunk Employee

Splice has not been tested in Windows environment - it doesn't necessarily means that it doesn't works in such environments, just we don't know for sure!

According to the error I'm seeing here (File contains no section headers), make sure your splice.conf has the following format:

[splice]
mongo_connection_uri = mongodb://localhost:27017/splice

jlockie
New Member

Thanks. I ended up loading in Linux and Splice worked much better after that.

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...