All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Recorded Future App - Invalid Key in Stanza [Proxy]

AhmadKhattak20
Explorer
‎02-25-2021 11:01 PM

Hi All,

I recently installed the Recorded Future App Version 1.0.13 on Splunk Search Head running version 8.0.3.

Followed the instructions mentioned in the integration guide of Recorded Future,
https://go.recordedfuture.com/hubfs/splunk-integration-guide.pdf

Initially I did not enable Enterprise Security however after some time I enabled the check and restarted the Search Head. 

I've been receiving a warning on Search Head i.e. "Health Check: One or more apps("TA-recordedfuture") that had previously been imported are not exporting configurations globally to system. Configuration objects not exported to System will be unavailable in Enterprise Security.

When I checked the messages which Splunk shows after restart in console, one of them was, Invalid Key in stanza [proxy] in /opt/splunk/etc/apps/TA-recordedfuture/local/recordedfuture_settings.conf line #

and when I checked that line # the content was proxy_rdns = 0. 

I've enabled the proxy settings and have verified that it is working alright so I'm not clear why this warning message is being shown on Search Head Web and on restarting I get the Invalid Key in stanza message.

I'd appreciate if anyone could help me understand this situation. Thanks.

 

Labels (1)
Labels
0 Karma
Reply

jammatthews
New Member
‎07-06-2023 01:20 PM

I have this exact same issue.
I have searched the web and this is the only reference to this issue I can locate. 

Did you ever get a resolution? Can you share?

0 Karma
Reply
Get Updates on the Splunk Community!

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...