cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
eegiievol
Explorer
Member since: ‎09-02-2020
‎10-26-2020
Community Statistics
Posts 9
Solutions 2
Karma Given 0
Karma Received 0
Member Since ‎09-02-2020
Activity Feed
View All

Re: ES notable index empty resulting empty notable...

by in Getting Data In
‎10-25-2020 07:30 PM
‎10-25-2020 07:30 PM
I found a reason. inputs.conf file was removed while installing CIM app to follow addon installation in distributed environment guide. Some addons are exceptional, I should have read manual carefully.    ... View more

Re: ES notable index empty resulting empty notable...

by in Security
‎09-20-2020 07:49 PM
‎09-20-2020 07:49 PM
I found a reason. inputs.conf file was removed while installing CIM app to follow addon installation in distributed environment guide. Some addons are exceptional, I should have read manual carefully.    ... View more

ES notable index empty resulting empty notable das...

by in Getting Data In
‎09-15-2020 10:44 PM
‎09-15-2020 10:44 PM
We are unable to see our notable events when correlation search criteria met. Upon investigation, found out that notable index is empty, which resulting es_notable_events  kvstore lookup empty. Correlation search has no issue because we could see other AR actions triggered except notable.  Our environment: 2 indexers with cluster configuration, 1 SH, 1 stack of MC/License master/Deployment server, 1 Cluster Master. ES version: 6.2.0, Enterprise version: 8.0.5 Hope someone can give me a hand    ... View more
Labels

ES notable index empty resulting empty notable das...

by in Security
‎09-15-2020 10:34 PM
‎09-15-2020 10:34 PM
We are unable to see our notable events when correlation search criteria met. Upon investigation, found out that notable index is empty, which resulting es_notable_events  kvstore lookup empty. Correlation search has no issue because we could see other AR actions triggered except notable.  Our environment: 2 indexers with cluster configuration, 1 SH, 1 stack of MC/License master/Deployment server, 1 Cluster Master. ES version: 6.2.0, Enterprise version: 8.0.5 Hope someone can give me a hand 🙂 ... View more
Labels

Re: Sophos App - JSON fields renaming

by in All Apps and Add-ons
‎09-02-2020 07:20 PM
‎09-02-2020 07:20 PM
Could you please help me. Is there anything else I have to modify except inputs.conf. I have trouble getting data onboard.  ... View more

Re: Getting checkpointer error for alerts in Sopho...

by in All Apps and Add-ons
‎09-02-2020 07:19 PM
‎09-02-2020 07:19 PM
Could you please help me. Is there anything else I have to modify except inputs.conf. I have trouble getting data onboard.  ... View more

Re: Does documentation exist for Sophos App & Add...

by in All Apps and Add-ons
‎09-02-2020 05:16 AM
‎09-02-2020 05:16 AM
Have you resolved the issue. I have configured inputs config and see nothing. I saw this error in log file: HTTPError: HTTP 500 Internal Server Error -- {"messages":[{"type":"ERROR","text":"Cannot call handler 'SophosAddOnForSplunk_sophos_central_events' due to missing script 'SophosAddOnForSplunk_rh_soph os_central_events.py'."}]} ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-26-2020 04:01 PM