Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Disabled input methods/scripts throwing errors within Splunk ES

rturk
Builder
‎10-01-2014 02:15 AM

Hi All,

I have a pretty generic Splunk for Enterprise Security implementation. Every hour I get prompted with a whole bunch of messages such as the ones below:

alt text

I believe I have disabled all inputs that call on these binaries and scripts (checked using ./splunk cmd btool inputs list) and yet I still get them... can anyone suggest a possible culprit?

Cheers 🙂 RT

0 Karma
Reply

ekost
Splunk Employee
Splunk Employee
‎10-01-2014 02:28 PM

There was a bug with Windows modular inputs and the Splunk App for Enterprise Security. They were fixed with the releases of Splunk Enterprise 6.0.5 and 6.1.3, and is marked as fixed in the Enterprise Security 3.1 Release Notes under SOLNESS-4629.

Reply

rturk
Builder
‎10-01-2014 03:01 PM

Hi ekost - thanks for that. I should have specified we're running the latest versions of both. I'll log a formal ticket with support today. Thanks again 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...