- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Nothing gets indexed for unknown reason
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All I see in the log is:
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2553 :INFO: Successfully create session
[ 161687680][25 Mar 14:30:54] get_pkxld_path: cpshared_filename failed
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2596 :INFO: lea_get_first_file_info returned 4
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2597 :INFO: Available FW-1 Logfiles
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399793794 aID 1399793794
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399814080 aID 1399814080
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399829518 aID 1399829518
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399841761 aID 1399841761
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID 1399852792 aID 1399852792
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I eventually just deleted all and installed from the Wen Interface. It works fine.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I eventually just deleted all and installed from the Wen Interface. It works fine.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@splunk0 If your problem is resolved, please accept an answer to help future readers.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We need more info about this. What were you trying to ingest? Can you search the internal indexes or the log you are showing is from a tail in the command line?
What is your environment, standalone, distributed?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just followed this guide:
https://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Troubleshoot
The logs in the original post are from splunk_ta_checkpoint-opseclea_modinput.log
just continues with the same type of message:
log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles_dict code_line_no:2601 :INFO: - purged nID aID
countless of times but nothing gets logged to index=opsec
The beginning of the file shows: get_pkxld_path: cpshared_filename failed
Maybe that is an indecation for something?
Does it matter if its standalone or not? I don't think it matters.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you manage this checkpoint device ?
check this link for the error message
The HKLM_registry.data file is corrupted.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I eventually just deleted all and installed from the Wen Interface. It works fine.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
