cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Alan_Chan000
Loves-to-Learn Lots
Member since: ‎01-20-2022
‎02-09-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-20-2022
Activity Feed
View All

Threat intelligence issue

by in Splunk Enterprise Security
‎01-20-2022 01:36 AM
‎01-20-2022 01:36 AM
After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot write to intel. Any idea?   2022-01-20 09:24:09,703+0000 ERROR pid=28186 tid=MainThread file=threat_intelligence_manager.py:process:432 | status="Error when writing output - threat intelligence may be incomplete." filename="/opt/splunk/etc/apps/SA-ThreatIntelligence/local/data/threat_intel/2022-01-18T11-23-26.053064.xml" Traceback (most recent call last): File "/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/threat_intelligence_manager.py", line 427, in process self.write_output(filename, metadata, intel) File "/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/threat_intelligence_manager.py", line 497, in write_output time_field='time' File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/kvstore.py", line 150, in batch_create response, content = splunk.rest.simpleRequest(uri, sessionKey=session_key, jsonargs=json.dumps(records)) File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 500, in simpleRequest raise splunk.SplunkdConnectionException('Error connecting to %s: %s' % (path, str(e))) SplunkdConnectionException: Splunkd daemon is not responding: ("Error connecting to /servicesNS/nobody/DA-ESS-ThreatIntelligence/storage/collections/data/threat_group_intel/batch_save: ('The read operation timed out',)",) ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-09-2022 11:23 PM