Hi
We've installed TA-Akamai_SIEM on both a HF and SH. The API connections appear to be coming in fine, we get JSON data and on the SH, I can see the Dashboards populated correctly. However, if I search the relevant index, data is still appearing in JSON format.
Reading the notes for this app, the Scripting I believe should kick in and convert the JSON to CIM compliant format, but that doesnt seem to be happening. I do have (thousands of) errors appearing relating to Java, but it seems to be the same error that pops up on other people's problems and doesnt give much of an insight.
08-04-2022 12:18:09.203 +0100 INFO ExecProcessor [3239918 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=Parse KVstore data...Complete
08-04-2022 12:18:09.229 +0100 INFO ExecProcessor [3239918 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, end streamEvents
08-04-2022 12:18:09.229 +0100 ERROR ExecProcessor [3239918 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" javax.xml.stream.XMLStreamException: No element was found to write: java.lang.ArrayIndexOutOfBoundsException: -1
Splunk is running on 9.0.0 and Java on the HF appears to be OK, java -version returns
java version "1.8.0_333"
Java(TM) SE Runtime Environment (build 1.8.0_333-b02)
Java HotSpot(TM) 64-Bit Server VM (build 25.333-b02, mixed mode)
Has anybody seen any similar problems to the above?
Thanks
