@tolgaakkapulu I'm afraid I'm a little stuck here too... as it sounds like it's configured correctly and you've confirmed the data coming back, the backfill and connection etc. If you're feeling adventurous you could modify the Python in the app to add more logging, to see if that helps!

In $SPLUNK_HOME/etc/apps/TA-otx/bin/input_module_otx.py find the following section of code:

    response = helper.send_http_request(
        'https://otx.alienvault.com/api/v1/pulses/subscribed',
        'GET',
        parameters = {'modified_since' : since },
        headers = { 'X-OTX-API-KEY' : api_key },
        verify=True,
        use_proxy=True
    )
    response.raise_for_status()
    pulses = response.json()['results']

Replace it with:

    response = helper.send_http_request(
        'https://otx.alienvault.com/api/v1/pulses/subscribed',
        'GET',
        parameters = {'modified_since' : since },
        headers = { 'X-OTX-API-KEY' : api_key },
        verify=True,
        use_proxy=True
    )
    # Log the timestamp sent as modified_since
    helper.log_info("modified_since: %s" % str(since))
    response.raise_for_status()
    respData = response.json()
    # Log the full parsed response before extracting the pulses
    helper.log_info("Response from request")
    helper.log_info(respData)
    pulses = respData['results']

Then disable and re-enable the input and check the logs to see if it gives any more insight!

Did this answer help you? If so, please consider:

- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing