cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
nickmdps
Engager
Member since: ‎03-31-2020
‎06-01-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎03-31-2020
Activity Feed
View All

VMware Carbon Black EDR On-Prem App - sensorsearch...

by in All Apps and Add-ons
‎03-17-2021 07:33 PM
‎03-17-2021 07:33 PM
When using the sensorsearch command included as part of the VMware Carbon Black EDR On-Prem App I get a Python ValueError and only a small number or no results (depending on the query). For example, the following query for all sensor information:   | sensorsearch   Which should return details of all sensors, instead returns details on between 5-20 sensors and the following stack trace: Error: error searching for None in Cb Response: invalid literal for int() with base 10: '' stacktrace: Traceback (most recent call last): File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 120, in transform yield self.generate_result(result) File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\sensor_search.py", line 63, in generate_result result = super(SensorSearchCommand, self).generate_result(data) File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 103, in generate_result rawdata = dict((field_name, getattr(data, field_name, "")) for field_name in self.field_names) File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 103, in <genexpr> rawdata = dict((field_name, getattr(data, field_name, "")) for field_name in self.field_names) File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbapi\models.py", line 101, in __get__ return coerce_type(value) ValueError: invalid literal for int() with base 10: '' Testing the API directly via curl using the same API key returns the expected results. The app is installed on a search head running Splunk v7.2.5.1 on Windows Server 2016. Version information: Splunk: v7.2.5.1 on Windows Server 2016 VMware Carbon Black EDR On-Prem App: 2.1.4 Carbon Black Response/EDR on prem server version: 7.4.1 Any help greatly appreciated.   ... View more
Labels

Microsoft Azure Add on, Event Hub input - support ...

by in All Apps and Add-ons
‎07-09-2020 08:11 PM
‎07-09-2020 08:11 PM
We need to pull events into Splunk from an Azure Event Hub, and the "Microsoft Azure Add on" looks to be the best option. Our organisational policy restricts us to RHEL (i.e. Ubuntu or other distros are not an option) so I intend to install the add-on on a Heavy Forwarder running on RHEL 7.8. As we are still running Splunk v7.2.5.1 I will be installing v2.1.1 of the add-on, however I note that the README for that version indicates that only Ubuntu or Darwin are supported for the Event Hub input for this version of the add-on i.e: Platforms: Unbuntu or Darwin for Event Hubs. All other inputs are platform independent However, in other related issues it looks like the add-on has run successfully for the event hub input on RHEL as late as 7.7 as noted by @jconger  in Microsoft Azure Add-on for Splunk (TA-MS-AAD) Version 2.0.0 - No Event Hub Data Ingesting. So two questions: Will this work i.e. will I be able to pull events from an Azure Event hub using this blend of versions and distros? What issues/errors should I expect (if any)? Thanks.     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-01-2022 02:59 AM
Karma given to