RSS feeds ingest problems

stanwindiasjlp
Observer

Hello,

I wonder if anyone got this app working for RSS feeds?

https://splunkbase.splunk.com/app/2646/#/details

Broad feed support: the input supports all of the major feed types (RSS, ATOM, RDF) and will automatically determine the type of the feed and import it automatically

 

I was only able to ingest BBC News and the Cisco Webex status feed.

The ones I am interested in fail with an error.

These fail to be ingested; the error is the same for all the feeds tested:

https://www.csoonline.com/in/index.rss
https://feeds.feedburner.com/securityweek
http://krebsonsecurity.com/feed/
https://threatpost.com/feed/
https://www.darkreading.com/rss/all.xml
https://feeds.feedburner.com/TheHackersNews
https://www.theregister.com/security/headlines.atom
https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml
https://www.bleepingcomputer.com/feed/
https://www.infosecurity-magazine.com/rss/news

 

It does not look like a DNS error, as it works for the BBC and Webex URLs.

The same error occurs from a test machine fully open to the internet.

Supported Splunk Versions: 7.2, 7.3, 8.0, 8.1, 8.2

 

HTTP trace:

Request URL: https://www.csoonline.com/in/index.rss
Request Method: GET
Status Code: 200 OK
Remote Address: 172.22.59.131:80

 

 

ERROR TRACE:

 

 

2021-11-16 19:25:53,176 ERROR Unable to get the feed, url=https://www.infosecurity-magazine.com/rss/news
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/syndication/bin/syndication.py", line 350, in run
    results, last_entry_date_retrieved = self.get_feed(feed_url.geturl(), return_latest_date=True, include_later_than=last_entry_date, logger=self.logger, username=username, password=password, clean_html=clean_html)
  File "/opt/splunk/etc/apps/syndication/bin/syndication.py", line 167, in get_feed
    d = feedparser.parse(feed_url)
  File "/opt/splunk/etc/apps/syndication/bin/syndication_app/feedparser/api.py", line 241, in parse
    data = _open_resource(url_file_stream_or_string, etag, modified, agent, referrer, handlers, request_headers, result)
  File "/opt/splunk/etc/apps/syndication/bin/syndication_app/feedparser/api.py", line 141, in _open_resource
    return http.get(url_file_stream_or_string, etag, modified, agent, referrer, handlers, request_headers, result)
  File "/opt/splunk/etc/apps/syndication/bin/syndication_app/feedparser/http.py", line 200, in get
    f = opener.open(request)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 1241, in https_open
    context=self._context)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)
URLError: <urlopen error [Errno -2] Name or service not known>

 

 

 

https://lukemurphey.net/projects/splunk-syndication-input/wiki/Troubleshooting

 

Troubleshooting

If you experience problems with the input, run the following search to see both the output from the input and the modular input logs together in order to see if the logs indicate what is wrong:

(index=main sourcetype=syndication)  OR (index=_internal sourcetype="syndication_modular_input")

If you have debug logging enabled, then you can see details with the following:

index=_internal sourcetype="syndication_modular_input" | rex field=_raw "(?<action>((Skipping)|(Including)))" | search count>0 OR action=Including  | table date latest_date title action count

 

 

0 Karma

stanwin
Contributor

Bump for visibility.

Still no luck with HTTPS feeds. Tested on a machine with open access to the internet, of course.

Has anyone else been able to get the RSS feeds working?

 

https://www.bleepingcomputer.com/feed/

https://threatpost.com/feed

 

0 Karma
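
A diagnostic for the failure in the traceback above, added here as an example and not code from the poster or the app: it names the stage that failed (DNS, TCP, TLS or HTTP) and reports which proxies urllib would use on the host where it runs. It is written for Python 3 (the traceback comes from Python 2.7's urllib2), and `classify`, `is_internal` and `probe` are names chosen for this example. A private Remote Address such as the 172.22.59.131:80 in the HTTP trace is consistent with the browser going through a proxy, which is an inference the thread does not confirm.

```python
import ipaddress
import socket
import ssl
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def classify(exc):
    """Name the stage that failed for an exception raised while fetching a feed."""
    if isinstance(exc, urllib.error.HTTPError):  # subclass of URLError: test it first
        return "http"
    reason = getattr(exc, "reason", exc)  # URLError keeps the socket error in .reason
    if isinstance(reason, socket.gaierror):
        return "dns"  # the thread's case: [Errno -2] Name or service not known
    if isinstance(reason, ssl.SSLError):
        return "tls"
    if isinstance(reason, (socket.timeout, ConnectionError)):
        return "tcp"
    return "other"


def is_internal(remote_address):
    """True when a browser's 'Remote Address' (IPv4 host:port) is a private IP."""
    host = remote_address.rsplit(":", 1)[0]
    return ipaddress.ip_address(host).is_private


def probe(url, timeout=10):
    """Check direct DNS and a urllib fetch from the current host and environment."""
    report = {"url": url, "proxies": urllib.request.getproxies(), "direct_dns": True}
    try:
        socket.getaddrinfo(urlsplit(url).hostname, 443)
    except socket.gaierror:
        report["direct_dns"] = False
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            report["fetch"] = "ok (HTTP %d)" % resp.status
    except Exception as exc:  # report every failure by stage instead of raising
        report["fetch"] = "%s: %s" % (classify(exc), exc)
    return report


if __name__ == "__main__":
    for feed in sys.argv[1:]:  # pass feed URLs as arguments
        print(probe(feed))
```

Run it on the host and as the account that runs splunkd, with the feed URLs as arguments, so the result reflects the resolver and proxy environment the input sees and not the browser's.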