Also looking for AirWatch TA with CIM mapping ... View more

Has there been any update to this problem? ... View more

Also interested in if this was resolved? ... View more

I Agree. Have had similar issues ... View more

I believe since the data does not come through raw, it is considered already "cooked" and no index-time extractions can be applied. We are missing a severity field as well as the timestamp being 4 hours off. This is using the Splunk HEC connector. We might have to default back to syslog! Thanks for the help! ... View more

I believe we are on an older version, working to get it updated now. Are you using a TA for the props / transforms or just built your extractions custom? ... View more

Ahh, yeah I don't see the configuration page on BT. Unless you are referring to Tools-->Alerting-->Actions, but that doesnt have anything Splunk related other than the host value to send to ... View more

Or do you have a link to any documentation? ... View more

How did you configure BeyondTrust to send via the HTTP Event Collector? ... View more

Has there been any update on this? ... View more

Anybody have any update on this? ... View more

Lguinn I agree with you but I also think it's worth noting that if there was any legacy data from before the cluster was built on any indexers currently (older data existing on any standalone splunk indexers originally), then that data will not be available to the search heads when that particular indexer is down - unless the old data was copied to be replicated. Probably not something Daniel will have to worry about, but it's good to thoroughly understand that index clustering when a cluster is first set up only replicates new data coming into Splunk. ... View more

Have you made any customization to sendemail.py in the app you are in or in the search app? You can try this....Stop Splunk, Copy the sendmail.py from the default "Search" app and paste it to the app you are facing this issue with and then start it & see if that fixes it. ... View more

Was there any update here if it will affect say a Deployer's connection. We are getting this error only on the deployer ... View more

Has there been any updates to this issue using DB Connect 1 or 2? ... View more

did you get this error solved? ... View more

Just figured it out! It's because the agent count never had been past 000. Once you had an agent, it works great! ... View more

Its not a BUG! Just figured it out! It's because the agent count never had been past 000. Once you had an agent, it works great! ... View more

I also do not get the password prompt error. I just get the "Unable to run data collection. End Of File (EOF) in read_nonblocking(). Exception style platform" ERROR. ... View more

I am not trying to connect remote. This is for local access. I get the following error when running this command as root. python ossec_agent_status.py Server: hostname, Error: Unable to run data collection. End Of File (EOF) in read_nonblocking(). Exception style platform. version: 2.3 ($Revision: 399 $) command: /usr/bin/sudo args: ['/usr/bin/sudo', '/var/ossec/bin/agent_control', '-l'] ... View more

Have the same problem. Still no answer Gfrjonp? ... View more

I have the same problem for a local server. I tried using the single quotes, but that didn't fix it. I get one accurate log from sourcetype ossec_agent_control, but then a bunch of jumbled incorrect logs after. Does anybody know of any other fixes? ... View more