Re: Resolving Error when using VirusTotal TA?

jhilton90 · ‎06-21-2023

I have installed and setup the VirusTotal TA with basic configuration i.e. API key and Max Batch Size just to test things.

However when I try to run the following command

index=advanced_hunting category="AdvancedHunting-UrlClickEvents" properties.UrlChain=*
| virustotal domain=properties.UrlChain

I get the following error

Error in 'virustotal' command: External search command exited unexpectedly with non-zero error code 1.

Streamed search execute failed because: Error in 'virustotal' command: External search command exited unexpectedly with non-zero error code 1.

I'm scrolling through Google but nothing is helping at the moment.

Was wondering if anyone else has experienced the same issue

vikas_gopal · ‎11-27-2023

Hi There ,

Are you able to resolve this issue ? if yes please post your workaround as I am also facing same issue .

jhilton90 · ‎11-27-2023

Unfortunately not no

vikas_gopal · ‎11-27-2023

sure thank you , I am trying to reach out to the addon creator and trying few things here . Will update here in case I come with something

vikas_gopal · ‎11-28-2023

Issue has been resolved after we provide admin permission to all the respective knowledge objects of this addon , like saved searches , lookups . I do not see this error any more

Resolving Error when using VirusTotal TA?

configuration

installation

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation