Splunk SOAR

Phantom Add-on for Splunk – is not saving any changes done on Saved searches (Event Forwarding)

dhirajkumar0501
Engager

Issue:  Phantom Add-on for Splunk – is not saving any changes done on Saved searches and below error is observed in logs internally.

Error observed in Internal logs :  2022-11-17 17:19:19,970 +0000 ERROR phantom_splunk:188 - Traceback (most recent call last): File "/opt/splunk/etc/apps/phantom/bin/phantom_splunk.py", line 182, in rest response, content = splunk.rest.simpleRequest(path, **args) File "/opt/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 648, in simpleRequest raise splunk.AuthorizationFailed(extendedMessages=uri) splunk.AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/phantom/configs/conf-phantom?count=-1&output_mode=json

Observations :  

  1. Splunk Prod to phantom integrations are intact and I did successfully push notable to Prod during troubleshooting.
  2. Splunk Cloud was recently updated to 9.0
  3. Splunk Enterprise 9.0 is compatible with current Phantom App version 4.1.73 installed.

I tested with highest Splunk permissions and still unable to save a forwarding search or edit it.

0 Karma
1 Solution

dhirajkumar0501
Engager

It resolved by upgrading the app to the latest version ("Splunk App for SOAR Export"). 

View solution in original post

0 Karma

dhirajkumar0501
Engager

It resolved by upgrading the app to the latest version ("Splunk App for SOAR Export"). 

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...