Splunk Enterprise Security

threat list download failed after multiple retries

ybahat
New Member

The Splunk server is located behind a proxy, and I'm getting a lot of "threat list download failed after multiple retries" error messages.

From my logs I can see that the download is attempted directly, and not through the proxy.
What do I need to configure and where?

0 Karma

shellsam
Explorer

I too have the same issue, but I had configured the proxy.

0 Karma

tskinnerivsec
Contributor

I am working on this myself, still getting failures after configuring proxy info. Does the proxy server field need to be populated in http:\ format, or does just the IP address of the proxy suffice in that field?

0 Karma

mdessus_splunk
Splunk Employee

Just enter the hostname or IP address.
Note also there was a bug in older versions if you were using proxy authentication under certain conditions (I assume it is resolved now). Are you using authentication?

If it does not work, look for your proxy logs in Splunk 🙂

0 Karma

mdessus_splunk
Splunk Employee

Hello, you first need to configure the proxy setting in each threat (Configure / Data Enrichment / Threat list), and, if needed, authentication in Configure / General / Credential management. And it should work!

0 Karma