Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Exec Process error

fedayn05
Explorer
2 weeks ago

Hello everyone,

I have just deployed Splunk ES and I am getting a lot of these errors :

"Health Check: msg="A script exited abnormally with exit status: 1" input="./opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/threatmatch.py" stanza="threatmatch://registry_value_text""

I run the following SPL : index=_internal sourcetype=splunkd threatmatch.py and the results are : 

INFO ExecProcessor [2071531 ExecProcessor] - New scheduled exec process: /opt/splunk/bin/python3.9 /opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/threatmatch.py

Any idea please how can i resolve this , as it causes delayed searches for Splunk ES.

Thank you

 

Labels (2)
0 Karma
Reply

tscroggins
Influencer
a week ago

Hi @fedayn05,

Which versions of Splunk Enterprise and Splunk Enterprise Security do you have installed?

Splunk Enterprise 9.0.1 deprecates and Splunk Enterprise 10.0 disables the REST API search/parser endpoint used by earlier versions of Splunk Enterprise Security to validate the data models used by the threatmatch modular input.

If you're running Splunk Enterprise 10.0, ensure you're also running Splunk Enterprise Security 7.3.4 or a later version of Splunk Enterprise Security compatible with Splunk Enterprise 10.0 and the v2 REST API.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...