Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

An error while exporting a Data Model to Phantom

obyazov
New Member
‎08-16-2018 08:37 AM

Hello,

I'm trying to export a Data Model from Splunk Free to Phantom using Phantom App. After configuring the necessary fields and clicking Save and Close I get an Error:

Error talking to splunk: POST /servicesNS/nobody/phantom/saved/searches/: status code 400: {"messages":[{"type":"ERROR","text":"Argument \"action.script\" is not supported by this handler."}]}

Does anyone encounter the same problem? Or maybe somebody knows where to look at to solve the problem.

0 Karma
Reply

mattsvensson
Engager
‎11-15-2018 01:24 PM

ever get an answer?

0 Karma
Reply

mattsvensson
Engager
‎11-15-2018 07:15 PM

I'm thinking that it's something about being on the free version now and not being able to set permission on the app/index.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...