Join the Conversation
- Find Answers
- :
- Premium Solutions
- :
- Splunk Enterprise Security
- :
- threat intelligence upload not working too
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
threat intelligence upload not working too
i get this error when upload a csv file with 2 column that included id number and maliciuos domain but when i go to threat intelligence audit i see this error:
2023-11-06 13:15:52,655+0000 WARNING pid=3558172 tid=MainThread file=add_threat_workload.py:_sinkhole_file:151 | status="Sinkholing of local files is not allowed" stanza="8
and
2023-11-06 13:16:22,699+0000 ERROR pid=3558172 tid=MainThread file=base_modinput.py:execute:820 | Execution failed: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/SA-ThreatIntelligence/storage/collections/data/threat_intel_meta2/batch_save: The read operation timed out',)
Traceback (most recent call last):
File "/Splunk-db/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 567, in simpleRequest
serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
File "/Splunk-db/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1968, in request
cachekey,
File "/Splunk-db/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1626, in _request
conn, request_uri, method, body, headers
File "/Splunk-db/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1564, in _conn_request
response = conn.getresponse()
File "/Splunk-db/splunk/lib/python3.7/http/client.py", line 1373, in getresponse
response.begin()
File "/Splunk-db/splunk/lib/python3.7/http/client.py", line 319, in begin
version, status, reason = self._read_status()
File "/Splunk-db/splunk/lib/python3.7/http/client.py", line 280, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/Splunk-db/splunk/lib/python3.7/socket.py", line 589, in readinto
return self._sock.recv_into(b)
File "/Splunk-db/splunk/lib/python3.7/ssl.py", line 1079, in recv_into
return self.read(nbytes, buffer)
File "/Splunk-db/splunk/lib/python3.7/ssl.py", line 937, in read
return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Splunk-db/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 811, in execute
log_exception_and_continue=True
File "/Splunk-db/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 388, in do_run
self.run(stanza)
File "/Splunk-db/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 709, in run
logger=self.logger
File "/Splunk-db/splunk/etc/apps/SA-ThreatIntelligence/bin/threat_utils/utils.py", line 181, in set_threat_intel_meta
options
File "/Splunk-db/splunk/etc/apps/SA-Utils/lib/SolnCommon/kvstore.py", line 186, in batch_create
uri, sessionKey=session_key, jsonargs=json.dumps(records))
File "/Splunk-db/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 579, in simpleRequest
raise splunk.SplunkdConnectionException('Error connecting to %s: %s' % (path, str(e)))
splunk.SplunkdConnectionException: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/SA-ThreatIntelligence/storage/collections/data/threat_intel_meta2/batch_save: The read operation timed out',)
Accelerating Observability as Code with the Splunk AI Assistant
Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...
Congratulations to the 2025-2026 SplunkTrust!
