Troubleshooting Cisco Cloudlock Data Input

richardphung
Communicator

I have installed the Cisco Cloudlock for Splunk app:
https://splunkbase.splunk.com/app/3043/

And configured the API token, URL, etc., as documented here:
https://github.com/CiscoDevNet/cloud-security/tree/master/Cloudlock/Splunk/Cisco%20Cloudlock%20Splun...

However, I'm not seeing any data.

I don't see any outbound connections or calls to the API service via netstat,
and I don't see a corresponding log for the input in /opt/splunk/var/log/splunk.

How else can I monitor/check the status of the Data Input?

Thanks!
@yaronc 

0 Karma

richardphung
Communicator

From my splunkd.log:

09-16-2020 15:44:31.022 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py"   InsecureRequestWarning)
09-16-2020 15:44:31.272 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" Received HTTP Code: 200
09-16-2020 15:44:31.276 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" CloudLock: 100 new incidents found
09-16-2020 15:44:31.331 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" CloudLock: Getting last incidents from 2020-03-10T17:50:36.979766+00:00 (offset 100)
09-16-2020 15:44:31.333 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" /opt/splunk/lib/python2.7/site-packages/urllib3/connectionpool.py:851: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
09-16-2020 15:44:31.333 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py"   InsecureRequestWarning)
09-16-2020 15:44:31.367 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" Received HTTP Code: 429
09-16-2020 15:44:31.367 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" 429 Client Error: TOO MANY REQUESTS for url: https://api.cloudlock.com/api/v2/incidents?count_total=false&updated_after=2020-03-10T17%3A50%3A36.979766%2B00%3A00&offset=100&order=updated_at&limit=100

This looks like it's working... just no events in the index.

0 Karma
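
One way to check the status of a scripted input from splunkd.log, as an added example that is not part of the original posts or of the Cloudlock app: it parses ExecProcessor lines in the format shown in the excerpt above and reports HTTP status codes, rate limiting (429), the unverified-TLS warning, and remaining errors. The function name `summarize_input` is hypothetical, and the sample lines are constructed from the excerpt with the request URL shortened.

```python
import re
from collections import Counter

# ExecProcessor line format as it appears in the splunkd.log excerpt above.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+'
    r'(?P<level>[A-Z]+)\s+ExecProcessor - message from "(?P<cmd>[^"]*)"\s*(?P<msg>.*)$')
HTTP_RE = re.compile(r'Received HTTP Code: (\d{3})')
FOUND_RE = re.compile(r'(\d+) new incidents found')

def summarize_input(lines, script="cloudlock.py"):
    """Summarize what one scripted input reported through splunkd.log."""
    summary = {"http_codes": Counter(), "incidents_found": 0,
               "tls_unverified": False, "rate_limited_at": [], "errors": []}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or script not in m.group("cmd"):
            continue  # not an ExecProcessor line for this input
        msg = m.group("msg")
        code, found = HTTP_RE.search(msg), FOUND_RE.search(msg)
        if code:
            summary["http_codes"][int(code.group(1))] += 1
            if code.group(1) == "429":  # API throttled the request
                summary["rate_limited_at"].append(m.group("ts"))
        elif found:
            summary["incidents_found"] += int(found.group(1))
        elif "InsecureRequestWarning" in msg:
            # urllib3 warning: HTTPS certificate verification is disabled
            summary["tls_unverified"] = True
        elif m.group("level") == "ERROR":
            summary["errors"].append(msg)
    return summary

# Constructed sample lines, shortened from the excerpt in the post.
_FMT = ('09-16-2020 15:44:31.%s -0400 %-5s ExecProcessor - message from '
        '"/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" %s')
SAMPLE = [
    _FMT % ("022", "ERROR", "  InsecureRequestWarning)"),
    _FMT % ("272", "INFO", "Received HTTP Code: 200"),
    _FMT % ("276", "INFO", "CloudLock: 100 new incidents found"),
    _FMT % ("367", "INFO", "Received HTTP Code: 429"),
    _FMT % ("367", "ERROR", "429 Client Error: TOO MANY REQUESTS for url: "
            "https://api.cloudlock.com/api/v2/incidents?offset=100&limit=100"),
]

if __name__ == "__main__":
    for key, value in summarize_input(SAMPLE).items():
        print(key, "=", value)
```

On the sample, the summary shows one successful page of 100 incidents followed by a throttled request for the next page, plus the disabled certificate verification that the urllib3 warning reports.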