All Apps and Add-ons

Problems to collect logs from checkpoint OP SEC



We have a problem with OP SEC LEA, the splunk restarted for a problem of storage because is over a Centos7, since there we cant collect logs from checkpoint and we have the next message.

2019-05-10 17:59:58,532 +0000 log_level=ERROR, pid=2081, tid=Thread-4,, func_name=index_data, code_line_no=108 | [input_name="live_checkpoint_fixed_new1" data="non_audit"] Failed to index data, reason:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 105, in index_data
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 148, in _do_safe_index
self._client = self._create_data_client()
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 73, in _create_data_client
ckpt = self._get_ckpt()
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 64, in _get_ckpt
return self._checkpoint_manager.get_ckpt()
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktaucclib/data_collection/", line 32, in get_ckpt
return self._store.get_state(key)
File "/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/splunk_ta_checkpoint_opseclea/splunktalib/", line 202, in get_state
state = json.load(jsonfile)
File "/opt/splunk/lib/python2.7/json/", line 291, in load
File "/opt/splunk/lib/python2.7/json/", line 339, in loads
return _default_decoder.decode(s)
File "/opt/splunk/lib/python2.7/json/", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/splunk/lib/python2.7/json/", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

We hope someone can help us.


0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...