All Apps and Add-ons

When editing index names, why the VT4Splunk Config Error?

nbowman
Path Finder

I'm running VT4Splunk 1.6.0  https://splunkbase.splunk.com/app/6654 It's deployed via the SH Cluster Deployer.

I'm trying to edit the index names, but get a generic error: "Unexpected error when Enabling/Disabling saved searches."

nbowman_0-1692825373750.png

Any ideas?

Labels (2)
0 Karma

etorres
Loves-to-Learn Lots

I open a ticket with VT.  Looks like current version have a bug that prevent the add-on to save configuration properly.  New version (1.6.1) will be release in the next days. 

0 Karma

etorres
Loves-to-Learn Lots

If you remove the check-mark Enable automatic correlation, do you still receive the error message? 

0 Karma

nbowman
Path Finder

Weird, I disabled that tick mark and made changes to the "Index name". Then hit save. Then reenabled it. Looks...like it worked. I'll do more testing.

0 Karma

nbowman
Path Finder

I enabled debugging in the app, but it didn't help. The error is generated by vt_validator.py in the validate function. I'm not entirely sure which line in try is throwing the exception.

  def validate(self, _, data):
    '''Validate method to perform action.'''
    try:
      self.vt_env = vt_environment.VirusTotalEnv(GetSessionKey().session_key)
      enabled = data.get('virustotal_saved_searches_enabled', 1)
      for name in self.saved_searches_names:
        saved_search = self.vt_env.service.saved_searches[name]
        saved_search.update(**{'is_scheduled': enabled}).refresh()
      return True
    except Exception: # pylint: disable=broad-except
      self.put_msg('Unexpected error when Enabling/Disabling saved searches.')
      logger.error('Unexpected error when Enabling/Disabling saved searches.')
      return False

 

0 Karma

etorres
Loves-to-Learn Lots

I'm also having the same error.  Spin up test environment I'm not able to test the app.  Any help will be appreciated. 

0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...