All Apps and Add-ons

Problems to collect logs from checkpoint OP SEC



We have a problem with OP SEC LEA, the splunk restarted for a problem of storage because is over a Centos7, since there we cant collect logs from checkpoint and we have the next message.

2019-05-10 17:59:58,532 +0000 log_level=ERROR, pid=2081, tid=Thread-4,, func_name=index_data, code_line_no=108 | [input_name="live_checkpoint_fixed_new1" data="non_audit"] Failed to index data, reason:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 105, in index_data
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 148, in _do_safe_index
self._client = self._create_data_client()
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 73, in _create_data_client
ckpt = self._get_ckpt()
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 64, in _get_ckpt
return self._checkpoint_manager.get_ckpt()
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 32, in get_ckpt
return self._store.get_state(key)
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktalib/", line 202, in get_state
state = json.load(jsonfile)
File "/opt/splunk/lib/python2.7/json/", line 291, in load
File "/opt/splunk/lib/python2.7/json/", line 339, in loads
return _default_decoder.decode(s)
File "/opt/splunk/lib/python2.7/json/", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/splunk/lib/python2.7/json/", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

We hope someone can help us.


0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!