Hi All,
Does anyone else have an issue where the Crowdstrike Stream modular input stops working? The process is still there but is hung. Killing the process allows Splunk to re-create the .py process and start collecting again. (this happens with other modular inputs too).
Why does this happen? Is this being addressed?
We're having the same issue, it stops working without any errors in the logs
I've noticed this too, every now and then the data feed just stops with no real errors or indication, a quick "disable & re-enable" of the input seems to fix it but would like to know what the issue is and if it
we are having the same issue.
support@crowdstrike.com - know how to prevent this?
We did open a case with them and their initial response was for us to check our network\firewalls... but nothing obvious was spotted and we're still waiting on further advise.
In the meantime we've seen that the TA is now cloud friendly so we're looking to migrate it from our on-site HF to our Cloud IDM which might fix it for us hopefully... but there's still definitely an issue to be resolved
I have case open with Crowdstrike support. They are in the process of creating a fix. There is a beta version right now. 2.0.8.
Any updates?
Where can I get this beta version 2.0.8?