Cisco AMP Input is not working...

navan1 · ‎07-12-2023

Hello all,

When we try to create a Cisco AMP4ep input, it is not allowing us to create one. The save button isn't working, see attached. I tried to create the input, but it is not working either. See the attachment.

Splunk Version : 9.0.4.1

Cisco AMP for endpoints input version : 3.0.0

Current input(created manually)
-------------------------------------------

[amp4e_events_input]
api_host = api.amp.cisco.com
api_id = API pin
disabled = 0
eai_app_name = search
eai_user_name = admin
rcvbuf = 1572864

[amp4e_events_input://SPLUNK]
api_host = api.amp.cisco.com
api_id = api pin
index = my_index
source = amp4e_events_input://cisco_amp
sourcetype = cisco:amp:event
stream_name = Splunk_amp4ep

Can anyone help with the correct input?

Regards,
Nav

VatsalJagani · ‎07-13-2023

@navan1 - There could be a number of reasons for this but you could start with this:

Delete the whole App from the backend. And re-install it and then try creating the input again.

Check the browser console logs and splunkd.logs and the Add-on specific log files to find more information about the issue.

I hope this helps!! Consider upvoting!!!

Cisco AMP Input is not working...

add-on

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!