Splunk SOAR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

phantom_forward.py called without the correct set of parameters.

markhill1
Path Finder
‎08-18-2019 08:26 PM

Hi all, Splunk 7.3.1, ES version 5.3.0, Phantom 4.5.15922.
I have ES configured to use the 'Send to Phantom' action for a couple of correlation searches.
But... I keep seeing this in the _internal logs and no events showing in Phantom.
ERROR phantom_forward:125 - /opt/splunk/etc/apps/phantom/bin/scripts/phantom_forward.py called without the correct set of parameters.
I have tried re-configuring the auth-token, and it tests fine.

Is anyone able to help on this one?
Thanks

Labels (1)
Labels
0 Karma
Reply

markhill1
Path Finder
‎08-18-2019 09:43 PM

After I started ingesting the internal Phantom and Splunk logs into another Splunk machine I did some checking around.
Found that an incorrect label was causing the ingestion errors, but Im still getting the error above, every minute.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...