All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Recorded Future App - Invalid Key in Stanza [Proxy]

AhmadKhattak20
Explorer
‎02-25-2021 11:01 PM

Hi All,

I recently installed the Recorded Future App Version 1.0.13 on Splunk Search Head running version 8.0.3.

Followed the instructions mentioned in the integration guide of Recorded Future,
https://go.recordedfuture.com/hubfs/splunk-integration-guide.pdf

Initially I did not enable Enterprise Security however after some time I enabled the check and restarted the Search Head. 

I've been receiving a warning on Search Head i.e. "Health Check: One or more apps("TA-recordedfuture") that had previously been imported are not exporting configurations globally to system. Configuration objects not exported to System will be unavailable in Enterprise Security.

When I checked the messages which Splunk shows after restart in console, one of them was, Invalid Key in stanza [proxy] in /opt/splunk/etc/apps/TA-recordedfuture/local/recordedfuture_settings.conf line #

and when I checked that line # the content was proxy_rdns = 0. 

I've enabled the proxy settings and have verified that it is working alright so I'm not clear why this warning message is being shown on Search Head Web and on restarting I get the Invalid Key in stanza message.

I'd appreciate if anyone could help me understand this situation. Thanks.

 

Labels (1)
Labels
0 Karma
Reply

jammatthews
New Member
‎07-06-2023 01:20 PM

I have this exact same issue.
I have searched the web and this is the only reference to this issue I can locate. 

Did you ever get a resolution? Can you share?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...