cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
farrukhahmed
Explorer
Member since: ‎06-09-2017
‎06-05-2020
Community Statistics
Posts 7
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎06-09-2017
Activity Feed
View All

Re: Elasticsearch Data Integrator - Modular Input ...

by in All Apps and Add-ons
‎01-10-2020 06:53 AM
‎01-10-2020 06:53 AM
Seeing this in the splunkd.log... Possibly a timestamp issue? 01-10-2020 09:49:34.796 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:34 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 01-10-2020 09:49:34.796 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:34 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 01-10-2020 09:49:34.796 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:34 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 01-10-2020 09:49:34.796 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:34 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 01-10-2020 09:49:34.796 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:34 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 01-10-2020 09:49:34.799 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" ERROR'NoneType' object has no attribute 'strip' 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" Traceback (most recent call last): 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" File "/opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/ta_elasticsearch_data_integrator_modular_input/modinput_wrapper/base_modinput.py", line 127, in stream_events 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" self.collect_events(ew) 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" File "/opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py", line 104, in collect_events 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" input_module.collect_events(self, ew) 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" File "/opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/input_module_elasticsearch_json.py", line 49, in collect_events 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" opt_ca_certs_path = opt_ca_certs_path.strip() 01-10-2020 09:49:36.122 -0500 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" AttributeError: 'NoneType' object has no attribute 'strip' 01-10-2020 09:49:36.123 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:36 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 01-10-2020 09:49:36.123 -0500 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. Defaulting to timestamp of previous event (Fri Jan 10 09:49:36 2020). Context: source=/opt/splunk/var/log/splunk/ta_elasticsearch_data_integrator_modular_input_elasticsearch_json.log|host=localhost.localdomain|ta_elasticsearch_data_integrator_modular_input_elasticsearch_json-too_small|72 ... View more

Re: Custom Email Alert Based On 15 Minutes Search

by SplunkTrust in All Apps and Add-ons
‎10-13-2019 05:15 PM
‎10-13-2019 05:15 PM
If your problem is resolved, please accept the answer to help future readers. ... View more

Does anyone have working example of Symantec Endpo...

by in Dashboards & Visualizations
‎10-03-2019 11:55 AM
‎10-03-2019 11:55 AM
Does anyone have working example of Symantec Endpoint Protection Dashboards along with Working TA. SEP 14.2 RU1 MP1 Working Dashboards I have gone through https://answers.splunk.com/answers/745774/sep-142-ru1-log-format-change.html which looks ok but i am confused with sourcetype=symantec:ep:agents:db I am looking for some example because there is not much information regarding this. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All