I do actually. Didn't realize those logs existed so thanks for pointing them out. Looks like both logs repeat the error "HTTPError: HTTP 402 Payment Required -- Requires license feature='KVStore'". Here's the full text:
2018-11-06 17:58:52,747 INFO pid=58417 tid=MainThread file=splunk_rest_client.py:_request_handler:100 | Use HTTP connection pooling
2018-11-06 17:58:52,748 INFO pid=58417 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-11-06 17:58:52,753 WARNING pid=58417 tid=MainThread file=utils.py:wrapper:157 | Run function: _get_collection_data failed: Traceback (most recent call last):
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/utils.py", line 154, in wrapper
    return func(*args, **kwargs)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/modular_input/checkpointer.py", line 190, in _get_collection_data
    kvstore.get(name=collection_name)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/client.py", line 1648, in get
    return super(Collection, self).get(name, owner, app, sharing, **query)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/client.py", line 746, in get
    **query)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/binding.py", line 287, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/binding.py", line 69, in new_f
    val = f(*args, **kwargs)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/binding.py", line 665, in get
    response = self.http.get(path, self._auth_headers, **query)
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/binding.py", line 1160, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "/opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sophosaddonforsplunk/solnlib/packages/splunklib/binding.py", line 1221, in request
    raise HTTPError(response)
HTTPError: HTTP 402 Payment Required -- Requires license feature='KVStore'
Looks like my heavy forwarder needs a feature license from Splunk?