Activity Feed
- Karma Re: Splunk Searches delayed for sharmajiankur. 07-14-2021 04:15 AM
- Posted Re: How to configure Phantom to use LDAP/Active Directory for authentication? on Security. 07-14-2021 03:23 AM
- Posted Re: Splunk Add-on for Amazon Web Services: Why am I getting error "'NoneType' object has no attribute 'get_bucket'" configuring the input for AWS s3? on All Apps and Add-ons. 05-14-2020 09:41 AM
- Posted Re: Why does my division of two fields return nothing? on Splunk Search. 05-07-2020 04:47 AM
Topics I've Started
No posts to display.
07-14-2021
03:23 AM
Hey @sam_splunk ! Cheers for the guide! I think these types of guides should be included in every admin guide that even has the troubleshooting part; love it! Noticed that the logs now reside in /opt/phantom/var/log/phantom/wsgi.log (using OVA: Phantom 4.10.4.56260)
... View more
05-14-2020
09:41 AM
Hi,
If you're still looking for answers like I did last week.
We got the problem solved with 5.0.1 AWS Add-On and 8.0.3 Splunk Enterprise
8.0.3 Splunk Enterprise + 5.0.0 AWS Add-On has the same issue:
AttributeError: 'NoneType' object has no attribute 'get_bucket'
Hope this helps!
... View more
05-07-2020
04:47 AM
Hey!
I bumped into this thread and noticed this was not solved.
If you noticed the fields are presented as string (a not,#) and the tonumber fails due to multiple values in the string.
Here's the how I found out the solution:
/opt/splunk/etc/system/local/props.conf
[nutanix_arch]
KV_MODE = none
AUTO_KV_JSON = false
INDEXED_EXTRACTIONS = JSON
https://answers.splunk.com/answers/610585/json-format-duplicate-value-in-field.html
Now the field is an interger and you can eval it with the following command:
|eval usage='stats.hypervisor_cpu_usage_ppm' / 10000
Hope this helps! 🙂
... View more
