I am seeing this error message from Mimecast TA,
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-mimecast-for-splunk/bin/mimecast_audit.py" ERRORHTTPSConnectionPool(host='us-api.mimecast.com', port=443): Max retries exceeded with url: /api/audit/get-audit-events (Caused by ReadTimeoutError("HTTPSConnectionPool(host='us-api.mimecast.com', port=443): Read timed out. (read timeout=30.0)",))
Did the Mimecast API change or it is something else causing this issue? Mimecast audit log is not getting received due to this issue.
It looks like, your connection is getting blocked by proxy.
check in your proxy logs if you are behind any proxy.
or you could check on your own laptop where everything is opened to see you are able to connect.
@thambisetty We do not have any proxy. There other inputs of this TA that are ingesting fine. Except this audit logs .
Its looking like connection error only Based on the error you have posted.
can you Check in internal what is the domain used for other logs ? Is that same us-api.mimiecast.com
@thambisetty Do you have any suggestions on this?
I have changed a lot this TA 1.5 years ago to make it work.
I really need to look into it to understand where the problem is.
please message me, I can look it into for you.
That's correct, the domain is us-api.mimecast.com. That's base url to use for U.S