Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk connector version 2.14 in SOAR 6.0 Error

uditdasgupta
Loves-to-Learn Everything
‎12-07-2023 02:11 PM

I am trying to query a Splunk search head using the Splunk connector from SOAR. However, my playbook is giving an error in the action block with the below error:

Failed to connect to splunk server. HTTP Error 400: Bad Request (1235)

There are no issues of connectivity as I have tested the connectivity to our asset in the app and it has passed successfully.

Yet, my playbook is failing with the above error.

My playbook design consists of a format block that formats the simple SPL query as :

|makeresults|eval id="This is a test" |eval playbook="App upgrade splunk"|table _time id playbook

which is referenced in the action block that queries a Splunk Search Head using the Splunk app.

Any advise on the possible issue is much appreciated ?

Thanks in advance

 

Labels (1)
Labels
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...