All Apps and Add-ons

Cisco AMP for Endpoints Events Input: Cannot retrieve data despite correct credential input



I am setting up to "Cisco AMP for Endpoints Events Input" on windows 2016.
I think the following 3 credentials are correct because I can retrieve information using curl command with these credential.

-AMP for Endpoints API Host
-API Client ID
-API Key

After I input the following credentials, I select "New Input" tab, The following message appears:

"Warning! We couldn’t retrieve the information from API with provided credentials. Please make sure the API host is accessible or re-configure the input with correct credentials."

Did I miss some setting?
Please advise me about the possible cause.

Best Regards

New Member

Have a look into the logfile (in our install, this was the path, you might have to look for it) /opt/splunk/var/log/splunk/amp4e_events_input.log

look for SSL-errors (supposedly someone screwed up the certificate-handling when packing this app)

did the Handshake-fix mentioned here:

did the ssl-shared-options-fix mentioned here:

This atleast got the log to connect and say " INFO Amp4eEvents - Connected. Starting to consume."

0 Karma

Super Champion

Hi @ksakagaw,

Try setting API Host should to

seems like the same issue as :

0 Karma

Esteemed Legend

You would probably be better off posting to Cisco forums.

0 Karma


Okay. Thanks for advice.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!