Just installed the app and I've configured my API and subscribed to some sources in OTX. However, no data is coming in. I'm currently seeing these messages:
02-07-2019 12:43:15.653 -0500 INFO ExecProcessor - message from "python /opt/splunk/etc/apps/TA-otx/bin/otx.py" Completed polling. Logged 3358 pulses and 76409 indicators.
02-07-2019 12:40:56.893 -0500 INFO ExecProcessor - message from "python /opt/splunk/etc/apps/TA-otx/bin/otx.py" Retrieving subscribed pulses since: 2018-11-09 12:40:56.893778
02-07-2019 12:40:57.863 -0500 WARN DateParserVerbose - A possible timestamp match (Fri Jul 31 16:07:04 2020) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source=otx://otx_data|host=xxxxxxxxxxxxxx|otx:indicator|\n 24 similar messages suppressed. First occurred at: Thu Feb 7 12:18:48 2019
It looks like maybe the timestamping is incorrect? Any ideas?
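As an added check (not code from the post, the TA-otx app, or Splunk), the script below mirrors the MAX_DAYS_AGO / MAX_DAYS_HENCE window that produces the DateParserVerbose warning above, and reports the smallest window that would accept a set of indicator timestamps. The index time and sample timestamps are the ones quoted in the excerpt; the Splunk defaults (2000 days ago, 2 days hence) are an assumption taken from the props.conf documentation rather than from the post.

```python
import math
from datetime import datetime

# Assumed Splunk props.conf defaults (from the Splunk docs, not from the post).
DEFAULT_MAX_DAYS_AGO = 2000
DEFAULT_MAX_DAYS_HENCE = 2

# The two timestamp shapes that appear in the quoted splunkd lines.
_FORMATS = ("%a %b %d %H:%M:%S %Y", "%Y-%m-%d %H:%M:%S.%f")


def parse_ts(text):
    """Parse a timestamp in either of the formats seen in the log excerpt."""
    for fmt in _FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: %r" % text)


def days_hence(event_ts, index_time):
    """Signed offset in days: positive means the event timestamp is in the future."""
    return (event_ts - index_time).total_seconds() / 86400.0


def classify(event_ts, index_time,
             max_days_ago=DEFAULT_MAX_DAYS_AGO,
             max_days_hence=DEFAULT_MAX_DAYS_HENCE):
    """Mirror the DateParser window: 'ok', 'too_far_ahead' or 'too_old'."""
    offset = days_hence(event_ts, index_time)
    if offset > max_days_hence:
        return "too_far_ahead"
    if -offset > max_days_ago:
        return "too_old"
    return "ok"


def required_window(event_timestamps, index_time):
    """Smallest (MAX_DAYS_AGO, MAX_DAYS_HENCE) that would accept every event."""
    offsets = [days_hence(ts, index_time) for ts in event_timestamps]
    ago = max(0, math.ceil(-min(offsets)))
    hence = max(0, math.ceil(max(offsets)))
    return ago, hence


if __name__ == "__main__":
    # Constructed sample: the index time and the rejected timestamp are the ones
    # quoted in the warning; the 2018 value is the pulse watermark from the excerpt.
    index_time = parse_ts("Thu Feb 7 12:18:48 2019")
    samples = ["Fri Jul 31 16:07:04 2020", "2018-11-09 12:40:56.893778"]
    for s in samples:
        print(s, "->", classify(parse_ts(s), index_time))
    print("window needed:", required_window([parse_ts(s) for s in samples], index_time))
```

Before widening MAX_DAYS_HENCE to over 500 days for the otx:indicator sourcetype, it is usually safer to check whether the far-future value is an indicator expiry field rather than the event time, and point TIME_PREFIX at the right field instead.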
Having trouble getting the Slack Webhook Alert to show as an option as an adaptive response under a correlation search. Weirdly, it shows in my QA environment but not in production. This is Splunk 7.2 and ES 5.2. The alert action works fine as a normal Splunk alert. Any ideas where to look? I have added TA-slack-webhook-alert under the ES app import.