Splunk SOAR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Unable to load query json. Error: Error Message: Expecting value: line 1 column 1 (char 0)

squirrel38
New Member
‎11-09-2023 01:16 AM

Hi,

I'm trying Splunk SOAR Community Edition, and I'm having an issue with the Elasticsearch app.

I'm attempting to configure the asset with my Elasticsearch instance. The test connectivity is good, but I can't poll incidents with "poll now." I encounter this type of error:


Starting ingestion...
If an ingestion is already in progress, this request will be queued and completed after that request completes.
App 'Elasticsearch' started successfully (id: 1699519715123) on asset: 'elastic'(id: 4)
Loaded action execution configuration
Quering data for soar index
Successfully added containers: 0, Successfully added artifacts: 0
1 action failed Unable to load query json. Error: Error Message: Expecting value: line 1 column 1 (char 0)


However, when I use an action in a playbook with the command "run query," I can see data.

Has anyone ever encountered this error ?

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...