Getting Data In

RSS feeds ingest problems

stanwindiasjlp
Observer

Hello,

I wonder if anyone has got this app working for RSS feeds?

https://splunkbase.splunk.com/app/2646/#/details

Broad feed support: the input supports all of the major feed types (RSS, ATOM, RDF) and will automatically determine the type of the feed and import it automatically

 

I was only able to ingest the BBC News and Cisco Webex status feeds.

The ones I am interested in fail with an error.

But these fail to be ingested; the error is the same for all the feeds tested:

https://www.csoonline.com/in/index.rss
https://feeds.feedburner.com/securityweek
http://krebsonsecurity.com/feed/
https://threatpost.com/feed/
https://www.darkreading.com/rss/all.xml
https://feeds.feedburner.com/TheHackersNews
https://www.theregister.com/security/headlines.atom
https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml
https://www.bleepingcomputer.com/feed/
https://www.infosecurity-magazine.com/rss/news

 

It does not look like a DNS error, as it works for the BBC and Webex URLs.

Same error from a test machine fully open to the internet.

Supported Splunk Versions: 7.2, 7.3, 8.0, 8.1, 8.2

 

HTTP TRACE:

Request URL: https://www.csoonline.com/in/index.rss
Request Method: GET
Status Code: 200 OK
Remote Address: 172.22.59.131:80

ERROR TRACE:

2021-11-16 19:25:53,176 ERROR Unable to get the feed, url=https://www.infosecurity-magazine.com/rss/news
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/syndication/bin/syndication.py", line 350, in run
    results, last_entry_date_retrieved = self.get_feed(feed_url.geturl(), return_latest_date=True, include_later_than=last_entry_date, logger=self.logger, username=username, password=password, clean_html=clean_html)
  File "/opt/splunk/etc/apps/syndication/bin/syndication.py", line 167, in get_feed
    d = feedparser.parse(feed_url)
  File "/opt/splunk/etc/apps/syndication/bin/syndication_app/feedparser/api.py", line 241, in parse
    data = _open_resource(url_file_stream_or_string, etag, modified, agent, referrer, handlers, request_headers, result)
  File "/opt/splunk/etc/apps/syndication/bin/syndication_app/feedparser/api.py", line 141, in _open_resource
    return http.get(url_file_stream_or_string, etag, modified, agent, referrer, handlers, request_headers, result)
  File "/opt/splunk/etc/apps/syndication/bin/syndication_app/feedparser/http.py", line 200, in get
    f = opener.open(request)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 1241, in https_open
    context=self._context)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)
URLError: <urlopen error [Errno -2] Name or service not known>

https://lukemurphey.net/projects/splunk-syndication-input/wiki/Troubleshooting

 

Troubleshooting

If you experience problems with the input, run the following search to see both the output from the input and the modular input logs together in order to see if the logs indicate what is wrong:

(index=main sourcetype=syndication)  OR (index=_internal sourcetype="syndication_modular_input")

If you have debug logging enabled, then you can see details with the following:

index=_internal sourcetype="syndication_modular_input" | rex field=_raw "(?<action>((Skipping)|(Including)))" | search count>0 OR action=Including  | table date latest_date title action count

 

 

0 Karma
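Added example, not part of the original post or the app's own code: a small triage of `syndication_modular_input` error records that maps the `[Errno N]` in the traceback to the stage that failed, plus a check on the "Remote Address" a browser reports. The errno table assumes Linux/glibc values, the second log record and the function names `triage` and `browser_path` are constructed for illustration.

```python
import ipaddress
import re

# Assumption: Linux/glibc numbering for the "[Errno N]" inside URLError.
STAGES = {
    -2: "dns: name not known (EAI_NONAME)",
    -3: "dns: temporary resolver failure (EAI_AGAIN)",
    110: "tcp: connection timed out",
    111: "tcp: connection refused",
}
RECORD = re.compile(r"ERROR Unable to get the feed, url=(?P<url>\S+)")
ERRNO = re.compile(r"URLError: <urlopen error \[Errno (?P<errno>-?\d+)\]")

# Constructed sample: the first record is shortened from the trace in the post,
# the second is invented for contrast and does not come from the thread.
SAMPLE_LOG = """\
2021-11-16 19:25:53,176 ERROR Unable to get the feed, url=https://www.infosecurity-magazine.com/rss/news Traceback (most recent call last):
  File "/opt/splunk/lib/python2.7/urllib2.py", line 1198, in do_open raise URLError(err)
URLError: <urlopen error [Errno -2] Name or service not known>
2021-11-16 19:26:10,000 ERROR Unable to get the feed, url=https://feed.example.invalid/rss Traceback (most recent call last):
URLError: <urlopen error [Errno 111] Connection refused>
"""

def triage(log_text):
    """Return one dict per failed feed: url, errno and the stage that failed."""
    findings = []
    # A record starts at a timestamp; splitting there keeps a flattened or
    # multi-line traceback attached to its own "Unable to get the feed" line.
    for chunk in re.split(r"(?m)^(?=\d{4}-\d{2}-\d{2} )", log_text):
        rec, err = RECORD.search(chunk), ERRNO.search(chunk)
        if not rec:
            continue
        errno = int(err.group("errno")) if err else None
        findings.append({"url": rec.group("url"), "errno": errno,
                         "stage": STAGES.get(errno, "unclassified")})
    return findings

def browser_path(remote_address):
    """Classify the 'Remote Address' a browser shows for a public feed URL."""
    # A private address for a public site means the browser connected to
    # something inside the network (typically a proxy), so a working browser
    # request says nothing about name resolution on the Splunk host itself.
    host = remote_address.rsplit(":", 1)[0].strip("[]")
    return "via-intermediary" if ipaddress.ip_address(host).is_private else "direct"

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print(browser_path("172.22.59.131:80"))
```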

stanwin
Contributor

Bump for visibility.

Still no luck with HTTPS feeds. Tested on a machine with open access to the internet, of course.

Has anyone else been able to get the RSS feeds working?

 

https://www.bleepingcomputer.com/feed/

https://threatpost.com/feed

 

0 Karma