Splunk Enterprise Security

An error while exporting a Data Model to Phantom

obyazov
New Member

Hello,

I'm trying to export a Data Model from Splunk Free to Phantom using Phantom App. After configuring the necessary fields and clicking Save and Close I get an Error:

Error talking to splunk: POST /servicesNS/nobody/phantom/saved/searches/: status code 400: {"messages":[{"type":"ERROR","text":"Argument \"action.script\" is not supported by this handler."}]}

Does anyone encounter the same problem? Or maybe somebody knows where to look at to solve the problem.

0 Karma

mattsvensson
Engager

ever get an answer?

0 Karma

mattsvensson
Engager

I'm thinking that it's something about being on the free version now and not being able to set permission on the app/index.

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...