First time setting up the Splunk version of this app; normally I just use the CrowdStrike version that downloads the logs and create inputs to monitor them.
2017-06-13 11:21:17,081 +0000 log_level=ERROR, pid=31446, tid=Thread-4, file=ta_data_collector.py, func_name=_do_safe_index, code_line_no=170 | [stanza_name="company_cs"] Failed to get msg
Traceback (most recent call last):
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/splunktaucclib/data_collection/ta_data_collector.py", line 160, in _do_safe_index
    events, ckpt = self._client.get()
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/falcon_host_data_client.py", line 60, in get
    self._initialize()
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/falcon_host_data_client.py", line 104, in _initialize
    app_id=app_id, proxies=proxies, name=self._stanza)
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/falcon_host_stream_api.py", line 31, in consume
    stream = _discover_streams(name, fire_host, api_uuid, api_key, app_id, proxies)
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/falcon_host_stream_api.py", line 42, in _discover_streams
    proxies=proxies))
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/falcon_host_stream_api.py", line 151, in _ensure_response
    response.raise_for_status()
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/requests/models.py", line 862, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
HTTPError: 500 Server Error: Internal Server Error for url: https://firehose.crowdstrike.com/sensors/entities/datafeed/v1?appId=splunk-ta-sh1.company.domainj2
This is due to the FalconHost Streaming API not being enabled. Upon contacting CrowdStrike Support, they enabled it for me and it solved my problem.
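Added example, not from the thread or from the TA itself: a small Python parser for the TA's log lines that pulls the input stanza, HTTP status and URL out of a "Failed to get msg" traceback and classifies the failure per stanza, so a broken CrowdStrike input can be alerted on rather than silently leaving a telemetry gap. The sample log is constructed from the lines in the question; the 401 event, the INFO line and the cause strings are my assumptions, not real TA output.

```python
import re
from collections import defaultdict

# Constructed sample: the ERROR line and HTTPError from the question, plus an
# assumed INFO line and a second assumed stanza failing with 401 (traceback omitted).
SAMPLE_LOG = """\
2017-06-13 11:21:17,081 +0000 log_level=ERROR, pid=31446, tid=Thread-4, file=ta_data_collector.py, func_name=_do_safe_index, code_line_no=170 | [stanza_name="company_cs"] Failed to get msg
Traceback (most recent call last):
  File "/opt/app/splunk/etc/apps/Splunk_TA_crowdstrike/bin/splunk_ta_crowdstrike/falcon_host_stream_api.py", line 151, in _ensure_response
    response.raise_for_status()
HTTPError: 500 Server Error: Internal Server Error for url: https://firehose.crowdstrike.com/sensors/entities/datafeed/v1?appId=splunk-ta-sh1.company.domainj2
2017-06-13 11:21:47,112 +0000 log_level=INFO, pid=31446, tid=Thread-4, file=ta_data_collector.py, func_name=_do_safe_index, code_line_no=140 | [stanza_name="company_cs"] constructed info line
2017-06-13 11:22:17,090 +0000 log_level=ERROR, pid=31446, tid=Thread-5, file=ta_data_collector.py, func_name=_do_safe_index, code_line_no=170 | [stanza_name="lab_cs"] Failed to get msg
HTTPError: 401 Client Error: Unauthorized for url: https://firehose.crowdstrike.com/sensors/entities/datafeed/v1?appId=lab
"""

# Header line: "<date> <time> <tz> log_level=<LEVEL>, ... | [stanza_name="<name>"] <message>"
HEADER = re.compile(r'^(?P<ts>\S+ \S+ [+-]\d{4}) log_level=(?P<level>\w+), .*?'
                    r'\| \[stanza_name="(?P<stanza>[^"]+)"\] (?P<msg>.*)$')
# Final line of the requests traceback: "HTTPError: <status> <reason> for url: <url>"
HTTP_ERR = re.compile(r'^HTTPError: (?P<status>\d{3}) .*? for url: (?P<url>\S+)$')

def parse_ta_log(text):
    """Return one record per ERROR header line, with the HTTP status and URL
    taken from the HTTPError line that ends the traceback following it (if any)."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:                      # a new header line ends the previous traceback
            current = None
            if m['level'] == 'ERROR':
                current = dict(m.groupdict(), status=None, url=None)
                events.append(current)
            continue
        h = HTTP_ERR.match(line)
        if h and current is not None:
            current['status'], current['url'] = int(h['status']), h['url']
    return events

def triage(events):
    """Group failures per input stanza and attach a likely cause for the last status."""
    per_stanza = defaultdict(list)
    for e in events:
        per_stanza[e['stanza']].append(e)
    report = {}
    for stanza, errs in per_stanza.items():
        last = errs[-1]
        if last['status'] == 500 and '/sensors/entities/datafeed/' in (last['url'] or ''):
            cause = 'datafeed discovery returned 500: Streaming API likely not enabled (ask CrowdStrike Support)'
        elif last['status'] in (401, 403):
            cause = 'API credentials rejected: check the API UUID/key configured for the stanza'
        elif last['status'] is not None:
            cause = f"HTTP {last['status']} from {last['url']}"
        else:
            cause = 'no HTTPError line found; inspect the full traceback'
        report[stanza] = {'failures': len(errs), 'status': last['status'], 'cause': cause}
    return report
```

Feeding the TA's log file through `triage(parse_ta_log(...))` on a schedule gives a per-stanza health summary that can drive an alert when a CrowdStrike input stops delivering events.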
I am also experiencing this same problem. Has anyone got a solution/workaround?