All Apps and Add-ons

Rapid7 Nexpose Technology Add-on for Splunk: Does this app support Splunk v7.0.0?

mlevsh
Builder

1) We are testing "Rapid7 Nexpose Technology add-on for Splunk" on Splunk v. 6.5.3 and we are in the process of upgrading Splunk to 7.0.# (7.0.0.1) . Is Rapid7 add-on supported in Splunk v. 7?

2) we installed and configured Rapid7 add-on in our DEV env. We are getting data, but there is an error message in TA-rapid7_nexpose.log: "Error sending metrics". What does this error mean?

2017-11-29 10:36:38,248 INFO    nx_logger:38 - Retrieving password
2017-11-29 10:36:38,396 INFO    nx_logger:38 - Loading Splunk password response
2017-11-29 10:36:38,397 INFO    nx_logger:38 - Parsing Splunk password response
2017-11-29 10:36:38,489 INFO    nx_logger:38 - Sending statistics data to Nexpose
2017-11-29 10:36:52,129 INFO    nx_logger:38 - Retrieving password
2017-11-29 10:36:52,242 INFO    nx_logger:38 - Loading Splunk password response
2017-11-29 10:36:52,242 INFO    nx_logger:38 - Parsing Splunk password response
2017-11-29 10:36:52,351 INFO    nx_logger:38 - Sending statistics data to Nexpose
2017-11-29 10:36:55,736 ERROR   nx_logger:32 - Error sending metrics.
2017-11-29 10:36:55,737 INFO    nx_logger:38 - Platform is Linux or Mac

.........

0 Karma

ruzzetto
New Member

Hello,
I've installed rapid7 app. I configured input and connection parameters. It seems to be ok but when I try to open the app splunk returns 404 error.
My log file is the same of @Sahr_Lebbie

Thanks

0 Karma

jonathan_stewar
Path Finder

Hi @mlevsh,
1) We haven't tested against Splunk 7 yet, but expect to test against it soon. Reading the release notes for Splunk 7, I haven't seen anything yet that would be breaking. So it would be a case of testing the app in your local Splunk 7.

2) You can ignore that error, its a health check in the app for Nexpose, but it doesn't affect your data or the app performace.

I'm glad to hear the App is running well for you. Are you testing with Splunk 7 in your DEV env?

Sahr_Lebbie
Path Finder

Hi Jonathan,

All I seem to see are these events in the TA's logs but no events in Splunk. Do you have any suggestions on testing further? I am on Spunk 7.0.2 and I did notice your comments from the post above.

2018-07-26 18:40:59,029 INFO nx_logger:38 - Saving changes made on configuration screen...
2018-07-26 18:40:59,114 INFO nx_logger:38 - Sucessfully retrieved stored config for Nexpose.
2018-07-26 18:40:59,125 INFO nx_logger:38 - Password retrieved.
2018-07-26 18:40:59,246 INFO nx_logger:38 - Executing nexpose_setup.py
2018-07-26 18:40:59,246 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-07-26 18:40:59,432 INFO nx_logger:38 - Executing nexpose_setup.py
2018-07-26 18:40:59,527 INFO nx_logger:38 - Executing nexpose_setup.py
2018-07-26 18:40:59,528 INFO nx_logger:38 - Listing the fields for the set up screen...
2018-07-26 18:40:59,711 INFO nx_logger:38 - Executing nexpose_setup.py
2018-07-26 18:40:59,807 INFO nx_logger:38 - Executing nexpose_setup.py
2018-07-28 04:00:00,167 INFO nx_logger:38 - Retrieving password
2018-07-28 04:00:00,245 INFO nx_logger:38 - Loading Splunk password response
2018-07-28 04:00:00,245 INFO nx_logger:38 - Parsing Splunk password response
2018-07-28 05:10:00,166 INFO nx_logger:38 - Retrieving password
2018-07-28 05:10:00,240 INFO nx_logger:38 - Loading Splunk password response
2018-07-28 05:10:00,240 INFO nx_logger:38 - Parsing Splunk password response
2018-07-29 04:00:00,170 INFO nx_logger:38 - Retrieving password
2018-07-29 04:00:00,245 INFO nx_logger:38 - Loading Splunk password response
2018-07-29 04:00:00,245 INFO nx_logger:38 - Parsing Splunk password response
2018-07-29 05:10:00,163 INFO nx_logger:38 - Retrieving password
2018-07-29 05:10:00,238 INFO nx_logger:38 - Loading Splunk password response
2018-07-29 05:10:00,238 INFO nx_logger:38 - Parsing Splunk password response
2018-07-30 04:00:00,532 INFO nx_logger:38 - Retrieving password
2018-07-30 04:00:00,680 INFO nx_logger:38 - Loading Splunk password response
2018-07-30 04:00:00,680 INFO nx_logger:38 - Parsing Splunk password response
2018-07-30 05:10:00,477 INFO nx_logger:38 - Retrieving password
2018-07-30 05:10:00,640 INFO nx_logger:38 - Loading Splunk password response
2018-07-30 05:10:00,640 INFO nx_logger:38 - Parsing Splunk password response
2018-07-31 04:00:00,258 INFO nx_logger:38 - Retrieving password
2018-07-31 04:00:00,331 INFO nx_logger:38 - Loading Splunk password response
2018-07-31 04:00:00,332 INFO nx_logger:38 - Parsing Splunk password response
2018-07-31 05:10:00,182 INFO nx_logger:38 - Retrieving password
2018-07-31 05:10:00,257 INFO nx_logger:38 - Loading Splunk password response
2018-07-31 05:10:00,257 INFO nx_logger:38 - Parsing Splunk password response

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @jonathan_stewart, I noticed you answered some question about this application before. Do you have any insight on the questions above?

0 Karma
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...