×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Ramachandran
Explorer
Member since: ‎05-14-2025
3 weeks ago
Community Statistics
Posts 5
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎05-14-2025
Activity Feed
View All

Subject: Alerts Not Reaching Splunk SOAR via App-t...

by in Splunk SOAR
a month ago
a month ago
Hi everyone, I'm working on integrating Splunk Enterprise with Splunk SOAR using the Splunk App for SOAR Export, and I'm running into an issue where alerts sent from Splunk aren't appearing in SOAR. Setup Details: Using App-to-App connection (not direct API/port 443) SOAR server is configured and marked active in the Splunk App for SOAR Export SOAR user has the observer and automation roles SSL verification is disabled (self-signed cert) Splunk and SOAR are on the same VPC/subnet with proper connectivity Test Alert Sent from Search & Reporting: | makeresults | eval foo="helloo" | eval src_ip="1.1.1.1" | table _time, foo, src_ip The Issue: No events are appearing in SOAR Nothing listed in Event Ingest Status or as Ad hoc search result No errors in the Splunk Job Inspector What I Need Help With: Are there any extra steps required in the new SOAR UI to allow data from Splunk’s App for SOAR Export? Any known limitations or misconfigurations I might be missing? Any guidance would be greatly appreciated! Thanks in advance. 🙏 ... View more
Labels

Error in SOAR Connection establishment

by in Splunk Enterprise
a month ago
a month ago
Hey everyone, I'm trying to configure a new server in the SOAR UI, but I'm running into this error: Error Message: There was an error adding the server configuration. On SOAR: Verify server's 'Allowed IPs' and authorization configuration. Status: 500 Text: JSON reply had no "payload" value I've already double-checked the basic config, but still no luck. From what I understand, this might be related to: Missing or misconfigured Allowed IPs on the SOAR server Improper authorization settings Possibly an issue with the server not returning the expected JSON format Has anyone faced this before or have any ideas on how to troubleshoot this? Any guidance or checklist would be super helpful Thanks in advance! ... View more

Re: The overview of my task is to send the the liv...

by in Splunk Enterprise
‎05-15-2025 09:14 PM
‎05-15-2025 09:14 PM
Could you help me with guiding me for setting up these whole thing.  ... View more

Re: The overview of my task is to send the the liv...

by in Splunk Enterprise
‎05-14-2025 11:36 PM
‎05-14-2025 11:36 PM
Thanks for suggesting this bro, Let me try this once and let you know what is the result. ... View more

The overview of my task is to send the the live da...

by in Splunk Enterprise
‎05-14-2025 10:46 PM
‎05-14-2025 10:46 PM
I’m forwarding logs from an EC2 instance using rsyslog with the omhttp module to a Splunk HEC endpoint running on another EC2 instance (IP: 172.31.25.126) over *port 8088*.My rsyslog.conf includes: rsyslog  module(load="omhttp") action(type="omhttp"    server="172.31.25.126"    port="8088"    uri="/services/collector/event"    headers=["Authorization: Splunk <token>"]    template="RSYSLOG_SyslogProtocol23Format"    queue.filename="fwdRule1"    queue.maxdiskspace="1g"    queue.saveonshutdown="on"    queue.type="LinkedList"    action.resumeRetryCount="-1"  )### Problem:Even though I’ve explicitly configured port 8088, I get this error: omhttp: suspending ourselves due to server failure 7: Failed to connect to 172.31.25.126 port 443: No route to hostIt seems like omhttp is still trying to use *HTTPS (port 443)* instead of *plain HTTP on port 8088*.---### Questions:1. How do I force the omhttp module to use HTTP instead of HTTPS? 2. Is there a configuration parameter to explicitly set the protocol scheme (http vs https)? 3. Is this behavior expected if I just set the port to 8088 without configuring the protocol?Any insights or examples are appreciated. Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
3 weeks ago
Karma given to