Trouble getting Rapid7 Nexpose TA working

CLadu
New Member

Hi Splunkers,

I'm working on getting the Rapid7 Nexpose TA working. Looked at the TA logs (_internal) and saw this:

03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" KeyError: 'session-id'
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "lxml.etree.pyx", line 2295, in lxml.etree._Attrib.__getitem__ (src/lxml/lxml.etree.c:59806)
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.authtoken = response.attrib['session-id']
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 39, in login
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.login()
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 33, in __init__
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     API_VER)
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 179, in register_metrics
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     register_metrics(settings)
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 211, in run_script
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     run_script()
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 235, in <module>
03-15-2018 15:50:00.389 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" Traceback (most recent call last):
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" KeyError: 'session-id'
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "lxml.etree.pyx", line 2295, in lxml.etree._Attrib.__getitem__ (src/lxml/lxml.etree.c:59806)
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.authtoken = response.attrib['session-id']
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 39, in login
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.login()
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 33, in __init__
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     API_VER)
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 179, in register_metrics
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     register_metrics(settings)
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 211, in run_script
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     run_script()
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 235, in <module>
03-15-2018 15:50:00.296 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" Traceback (most recent call last):
03-15-2018 15:49:59.830 -0700 INFO  ExecProcessor - setting reschedule_ms=300340, for command=python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:49:59.830 -0700 INFO  ExecProcessor - setting reschedule_ms=300340, for command=python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:49:12.738 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:49:12.738 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:49:12.734 -0700 INFO  IndexWriter - openDatabases complete currentId=-1 idx=rapid7
03-15-2018 15:49:12.734 -0700 INFO  IndexWriter - idx=rapid7, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=64070000.000,coldToFrozenScript=,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=gzip,lz4BlockSize=65536,compressionLevel=-1,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60]' isSlave=false
03-15-2018 15:49:12.733 -0700 INFO  HotDBManager - closing hot mgr for idx=rapid7
03-15-2018 15:49:12.733 -0700 INFO  HotDBManager - idx=rapid7 Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=0 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
03-15-2018 15:49:12.733 -0700 INFO  HotDBManager - idx=rapid7 minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
03-15-2018 15:49:12.627 -0700 INFO  HotDBManager - closing hot mgr for idx=rapid7
03-15-2018 15:49:12.627 -0700 INFO  HotDBManager - idx=rapid7 Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=0 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
03-15-2018 15:49:12.627 -0700 INFO  HotDBManager - idx=rapid7 minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
03-15-2018 15:49:12.612 -0700 INFO  DatabaseDirectoryManager - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/rapid7/db
03-15-2018 15:49:12.612 -0700 INFO  DatabaseDirectoryManager - idx=rapid7 Writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/rapid7/db', pendingBucketUpdates=0 .  Reason='Refreshing manifest at start-up.'
03-15-2018 15:49:12.612 -0700 INFO  DatabaseDirectoryManager - Start-up refreshing bucket manifest index=rapid7
03-15-2018 15:48:47.353 -0700 INFO  HotDBManager - closing hot mgr for idx=rapid7
03-15-2018 15:48:47.353 -0700 INFO  IndexWriter - idx=rapid7 Handling shutdown or signal, reason=1
03-15-2018 15:48:47.353 -0700 INFO  IndexWriter - idx=rapid7 Sync before shutdown
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" KeyError: 'session-id'
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "lxml.etree.pyx", line 2295, in lxml.etree._Attrib.__getitem__ (src/lxml/lxml.etree.c:59806)
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.authtoken = response.attrib['session-id']
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 39, in login
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.login()
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 33, in __init__
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     API_VER)
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 179, in register_metrics
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     register_metrics(settings)
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 211, in run_script
03-15-2018 15:45:00.280 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     run_script()
03-15-2018 15:45:00.279 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 235, in <module>
03-15-2018 15:45:00.279 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" Traceback (most recent call last):
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" KeyError: 'session-id'
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "lxml.etree.pyx", line 2295, in lxml.etree._Attrib.__getitem__ (src/lxml/lxml.etree.c:59806)
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.authtoken = response.attrib['session-id']
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 39, in login
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.login()
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 33, in __init__
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     API_VER)
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 179, in register_metrics
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     register_metrics(settings)
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 211, in run_script
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     run_script()
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py", line 235, in <module>
03-15-2018 15:45:00.262 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" Traceback (most recent call last):
03-15-2018 15:44:59.832 -0700 INFO  ExecProcessor - setting reschedule_ms=300336, for command=python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:44:59.832 -0700 INFO  ExecProcessor - setting reschedule_ms=300336, for command=python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:29.670 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:29.670 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:29.668 -0700 INFO  ExecProcessor - Removing status item "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py (rapid7nexpose://lhs_vuln_exceptions) (isModInput=yes)
03-15-2018 15:43:29.668 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:16.998 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:16.998 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:16.996 -0700 INFO  ExecProcessor - Removing status item "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py (rapid7nexpose://lhs_asset_and_vuln) (isModInput=yes)
03-15-2018 15:43:16.996 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:01.031 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:01.031 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:43:01.029 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:42:56.842 -0700 INFO  ExecProcessor - New scheduled exec process: python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py
03-15-2018 15:41:33.081 -0700 INFO  IndexWriter - openDatabases complete currentId=-1 idx=rapid7
03-15-2018 15:41:33.081 -0700 INFO  IndexWriter - idx=rapid7, Initializing, params='[300,period=60.000,frozenTimePeriodInSecs=64070000.000,coldToFrozenScript=,coldToFrozenDir=,warmToColdScript=,maxHotBucketSize=786432000,optimizeEvery=5.000,syncMeta=true,maxTotalDataSizeMB=500000,maxGlobalDataSizeMB=0,maxMemoryAllocationPerHotSliceMB=5,addressCompressBits=5,isReadOnly=false,maxMergizzles=6,maxHotSpanSecs=7776000.000,maxMetadataEntries=1000000,maxHotIdleSecs=0.000,maxHotBuckets=3,minHotIdleSecsBeforeForceRoll=0.000,quarantinePastSecs=77760000.000,quarantineFutureSecs=2592000.000,maxSliceSize=131072,serviceMetaPeriod=25.000,partialServiceMetaPeriod=0.000,throttleCheckPeriod=15.000,homePath_maxDataSizeBytes=0,coldPath_maxDataSizeBytes=0,compressionType=gzip,lz4BlockSize=65536,compressionLevel=-1,fsyncInterval=18446744073709551.615,maxBloomBackfillBucketAge_secs=2592000.000,enableOnlineBucketRepair=true,enableDataIntegrityControl=false,maxUnreplicatedMsecWithAcks=60000,maxUnreplacatedMsecNoAcks=300000,alwaysBloomBackfill=false,minStreamGroupQueueSize=2000,streamingTargetTsidxSyncPeriodMsec=5000,repFactor=0,hotBucketTimeRefreshInterval=10,enableTsidxReduction=0,suspendHotRollByDeleteQuery0,tsidxReductionCheckPeriodInSec=600.000,timePeriodInSecBeforeTsidxReduction=604800.000,remoteVolume=,remotePath=,splitByIndexKeys=,dataType=event,serviceInactiveIndexesPeriod=60]' isSlave=false
03-15-2018 15:41:33.080 -0700 INFO  HotDBManager - closing hot mgr for idx=rapid7
03-15-2018 15:41:33.080 -0700 INFO  HotDBManager - idx=rapid7 Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=0 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
03-15-2018 15:41:33.080 -0700 INFO  HotDBManager - idx=rapid7 minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
03-15-2018 15:41:33.001 -0700 INFO  HotDBManager - closing hot mgr for idx=rapid7
03-15-2018 15:41:33.001 -0700 INFO  HotDBManager - idx=rapid7 Setting hot mgr params: maxHotSpanSecs=7776000 maxHotBuckets=3 minHotIdleSecsBeforeForceRoll=0 maxDataSizeBytes=786432000 quarantinePastSecs=77760000 quarantineFutureSecs=2592000 
03-15-2018 15:41:33.001 -0700 INFO  HotDBManager - idx=rapid7 minHotIdleSecsBeforeForceRoll=auto; initializing, current value=600
03-15-2018 15:41:32.994 -0700 INFO  DatabaseDirectoryManager - Finished writing bucket manifest in hotWarmPath=/opt/splunk/var/lib/splunk/rapid7/db
03-15-2018 15:41:32.994 -0700 INFO  DatabaseDirectoryManager - idx=rapid7 Writing a bucket manifest in hotWarmPath='/opt/splunk/var/lib/splunk/rapid7/db', pendingBucketUpdates=0 .  Reason='Refreshing manifest at start-up.'
03-15-2018 15:41:32.994 -0700 INFO  DatabaseDirectoryManager - Start-up refreshing bucket manifest index=rapid7
03-15-2018 15:41:07.852 -0700 INFO  HotDBManager - closing hot mgr for idx=rapid7
03-15-2018 15:41:07.852 -0700 INFO  IndexWriter - idx=rapid7 Handling shutdown or signal, reason=1
03-15-2018 15:41:07.852 -0700 INFO  IndexWriter - idx=rapid7 Sync before shutdown

Any clues on how to get this working?

0 Karma

p_gurav
Champion

Hi,

These error messages suggest that authentication against the Nexpose server was unsuccessful.
If you are confident about your credentials/port/hostname, try to make sure there is no firewall blocking the connection.

0 Karma
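
The failure mode in the traceback above, as an added example that is not the TA's own code: `login` reads `response.attrib['session-id']` without checking that the attribute is there, so any reply that does not carry a session token surfaces as a bare `KeyError`. The sample replies are constructed, their element and attribute layout is an assumption, and the standard-library `xml.etree.ElementTree` stands in for lxml.

```python
import xml.etree.ElementTree as ET

# Constructed sample replies (assumed shapes, not captured from a real console).
LOGIN_OK = '<LoginResponse success="1" session-id="CONSTRUCTED-SESSION-ID"/>'
LOGIN_DENIED = (
    '<LoginResponse success="0"><Failure><Exception>'
    '<message>Constructed example: invalid credentials</message>'
    '</Exception></Failure></LoginResponse>'
)
# What a proxy or a wrong host/port might hand back instead of API XML.
NOT_XML = '<html><body>Constructed proxy block page'


class LoginError(Exception):
    """Raised when no session token can be taken from a login reply."""


def extract_session_id(body):
    """Return the session token, or raise LoginError saying why there is none."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise LoginError(
            "reply is not well-formed XML (check host, port, proxy): %s" % exc
        )
    # .get() instead of ['session-id']: a missing attribute is an expected
    # outcome of a rejected login, not a programming error.
    token = root.attrib.get("session-id")
    if token:
        return token
    # Prefer the server's own explanation when the reply carries one.
    reason = root.findtext(".//message") or "no reason given"
    raise LoginError("no session-id in <%s> reply: %s" % (root.tag, reason))


def diagnose(body):
    """Summarise a login reply for a log line without exposing the token."""
    try:
        extract_session_id(body)
    except LoginError as exc:
        return "login failed: %s" % exc
    return "session established"


if __name__ == "__main__":
    for sample in (LOGIN_OK, LOGIN_DENIED, NOT_XML):
        print(diagnose(sample))
```

With a check like this, the `_internal` log would show the reason for the failed login instead of `KeyError: 'session-id'`.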