All Apps and Add-ons

Recorded Future App - Invalid Key in Stanza [Proxy]

AhmadKhattak20
Explorer

Hi All,

I recently installed the Recorded Future App Version 1.0.13 on Splunk Search Head running version 8.0.3.

Followed the instructions mentioned in the integration guide of Recorded Future,
https://go.recordedfuture.com/hubfs/splunk-integration-guide.pdf

Initially I did not enable Enterprise Security however after some time I enabled the check and restarted the Search Head. 

I've been receiving a warning on Search Head i.e. "Health Check: One or more apps("TA-recordedfuture") that had previously been imported are not exporting configurations globally to system. Configuration objects not exported to System will be unavailable in Enterprise Security.

When I checked the messages which Splunk shows after restart in console, one of them was, Invalid Key in stanza [proxy] in /opt/splunk/etc/apps/TA-recordedfuture/local/recordedfuture_settings.conf line #

and when I checked that line # the content was proxy_rdns = 0. 

I've enabled the proxy settings and have verified that it is working alright so I'm not clear why this warning message is being shown on Search Head Web and on restarting I get the Invalid Key in stanza message.

I'd appreciate if anyone could help me understand this situation. Thanks.

 

Labels (1)
0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!