Hey @sam_splunk ! Cheers for the guide! I think these types of guides should be included in every admin guide that even has the troubleshooting part; love it!  Noticed that the logs now reside in /opt/phantom/var/log/phantom/wsgi.log (using OVA:  Phantom 4.10.4.56260) ... View more

Hi, If you're still looking for answers like I did last week. We got the problem solved with 5.0.1 AWS Add-On and 8.0.3 Splunk Enterprise 8.0.3 Splunk Enterprise + 5.0.0 AWS Add-On has the same issue: AttributeError: 'NoneType' object has no attribute 'get_bucket' Hope this helps! ... View more

Hey! I bumped into this thread and noticed this was not solved. If you noticed the fields are presented as string (a not,#) and the tonumber fails due to multiple values in the string. Here's the how I found out the solution: /opt/splunk/etc/system/local/props.conf [nutanix_arch] KV_MODE = none AUTO_KV_JSON = false INDEXED_EXTRACTIONS = JSON https://answers.splunk.com/answers/610585/json-format-duplicate-value-in-field.html Now the field is an interger and you can eval it with the following command: |eval usage='stats.hypervisor_cpu_usage_ppm' / 10000 Hope this helps! 🙂 ... View more