All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

When editing index names, why the VT4Splunk Config Error?

nbowman
Path Finder
‎08-23-2023 02:17 PM

I'm running VT4Splunk 1.6.0  https://splunkbase.splunk.com/app/6654 It's deployed via the SH Cluster Deployer.

I'm trying to edit the index names, but get a generic error: "Unexpected error when Enabling/Disabling saved searches."

nbowman_0-1692825373750.png

Any ideas?

Labels (2)
0 Karma
Reply

etorres
Loves-to-Learn Lots
‎09-05-2023 12:02 PM

I open a ticket with VT.  Looks like current version have a bug that prevent the add-on to save configuration properly.  New version (1.6.1) will be release in the next days. 

0 Karma
Reply

etorres
Loves-to-Learn Lots
‎08-25-2023 12:41 PM

If you remove the check-mark Enable automatic correlation, do you still receive the error message? 

0 Karma
Reply

nbowman
Path Finder
‎08-25-2023 01:48 PM

Weird, I disabled that tick mark and made changes to the "Index name". Then hit save. Then reenabled it. Looks...like it worked. I'll do more testing.

0 Karma
Reply

nbowman
Path Finder
‎08-24-2023 09:11 AM

I enabled debugging in the app, but it didn't help. The error is generated by vt_validator.py in the validate function. I'm not entirely sure which line in try is throwing the exception.

  def validate(self, _, data):
    '''Validate method to perform action.'''
    try:
      self.vt_env = vt_environment.VirusTotalEnv(GetSessionKey().session_key)
      enabled = data.get('virustotal_saved_searches_enabled', 1)
      for name in self.saved_searches_names:
        saved_search = self.vt_env.service.saved_searches[name]
        saved_search.update(**{'is_scheduled': enabled}).refresh()
      return True
    except Exception: # pylint: disable=broad-except
      self.put_msg('Unexpected error when Enabling/Disabling saved searches.')
      logger.error('Unexpected error when Enabling/Disabling saved searches.')
      return False

 

0 Karma
Reply

etorres
Loves-to-Learn Lots
‎08-24-2023 08:41 AM

I'm also having the same error.  Spin up test environment I'm not able to test the app.  Any help will be appreciated. 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...