All Apps and Add-ons

Troubleshooting Cisco Cloudlock Data Input

richardphung
Communicator

I have installed the Cisco Cloudlock for Splunk app:
https://splunkbase.splunk.com/app/3043/

And configured the API-token, URL, etc, as documented here:
https://github.com/CiscoDevNet/cloud-security/tree/master/Cloudlock/Splunk/Cisco%20Cloudlock%20Splun...

However, I'm not seeing any data.

I don't see any outbound connections or calls to the API service via netstat
And I don't see a corresponding log for the input in /opt/splunk/var/log/splunk

How else can I monitor/check the status of the Data Input?

Thanks!
@yaronc 

Labels (2)
0 Karma

richardphung
Communicator

from my splunkd.log:

09-16-2020 15:44:31.022 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py"   InsecureRequestWarning)
09-16-2020 15:44:31.272 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" Received HTTP Code: 200
09-16-2020 15:44:31.276 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" CloudLock: 100 new incidents found
09-16-2020 15:44:31.331 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" CloudLock: Getting last incidents from 2020-03-10T17:50:36.979766+00:00 (offset 100)
09-16-2020 15:44:31.333 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" /opt/splunk/lib/python2.7/site-packages/urllib3/connectionpool.py:851: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
09-16-2020 15:44:31.333 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py"   InsecureRequestWarning)
09-16-2020 15:44:31.367 -0400 INFO  ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" Received HTTP Code: 429
09-16-2020 15:44:31.367 -0400 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/cloudlock/bin/cloudlock.py" 429 Client Error: TOO MANY REQUESTS for url: https://api.cloudlock.com/api/v2/incidents?count_total=false&updated_after=2020-03-10T17%3A50%3A36.979766%2B00%3A00&offset=100&order=updated_at&limit=100

This looks like it's working.. just no events in index.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...