Nothing gets indexed for unknown reason

splunk0
Path Finder

All I see in the log is:

log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2553 :INFO: Successfully create session
[ 161687680][25 Mar 14:30:54] get_pkxld_path: cpshared_filename failed
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2596 :INFO: lea_get_first_file_info returned 4
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2597 :INFO: Available FW-1 Logfiles
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399793794 aID 1399793794
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399814080 aID 1399814080
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399829518 aID 1399829518
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399841761 aID 1399841761
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399852792 aID 1399852792

1 Solution

splunk0
Path Finder

I eventually just deleted all and installed from the Web Interface. It works fine.


richgalloway
SplunkTrust

@splunk0 If your problem is resolved, please accept an answer to help future readers.

---
If this reply helps you, Karma would be appreciated.

tiagofbmm
Influencer

We need more info about this. What were you trying to ingest? Can you search the internal indexes, or is the log you are showing from a tail in the command line?

What is your environment, standalone, distributed?


splunk0
Path Finder

I just followed this guide:
https://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Troubleshoot

The logs in the original post are from splunk_ta_checkpoint-opseclea_modinput.log.
It just continues with the same type of message:
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID aID
countless times, but nothing gets logged to index=opsec.

The beginning of the file shows: get_pkxld_path: cpshared_filename failed
Maybe that is an indication of something?

Does it matter if it's standalone or not? I don't think it matters.


splunker12er
Motivator

Do you manage this Check Point device?

Check this link for the error message:
The HKLM_registry.data file is corrupted.
