Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cisco AMP Input is not working...

navan1
Explorer
‎07-12-2023 07:15 AM

Hello all,

When we try to create a Cisco AMP4ep input, it is not allowing us to create one. The save button isn't working, see attached. I tried to create the input, but it is not working either. See the attachment.

Splunk Version : 9.0.4.1

Cisco AMP for endpoints input version : 3.0.0

Current input(created manually)
-------------------------------------------

[amp4e_events_input]
api_host = api.amp.cisco.com
api_id = API pin
disabled = 0
eai_app_name = search
eai_user_name = admin
rcvbuf = 1572864

[amp4e_events_input://SPLUNK]
api_host = api.amp.cisco.com
api_id = api pin
index = my_index
source = amp4e_events_input://cisco_amp
sourcetype = cisco:amp:event
stream_name = Splunk_amp4ep

 

Can anyone help with the correct input?

Regards,
Nav

Labels (1)
Labels
Preview file
24 KB
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎07-13-2023 11:56 PM

@navan1 - There could be a number of reasons for this but you could start with this:

  • Delete the whole App from the backend. And re-install it and then try creating the input again.

 

  • Check the browser console logs and splunkd.logs and the Add-on specific log files to find more information about the issue.

 

I hope this helps!! Consider upvoting!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...