Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to load query json. Error: Error Message: Expecting value: line 1 column 1 (char 0)

squirrel38
New Member
‎11-09-2023 01:16 AM

Hi,

I'm trying Splunk SOAR Community Edition, and I'm having an issue with the Elasticsearch app.

I'm attempting to configure the asset with my Elasticsearch instance. The test connectivity is good, but I can't poll incidents with "poll now." I encounter this type of error:


Starting ingestion...
If an ingestion is already in progress, this request will be queued and completed after that request completes.
App 'Elasticsearch' started successfully (id: 1699519715123) on asset: 'elastic'(id: 4)
Loaded action execution configuration
Quering data for soar index
Successfully added containers: 0, Successfully added artifacts: 0
1 action failed Unable to load query json. Error: Error Message: Expecting value: line 1 column 1 (char 0)


However, when I use an action in a playbook with the command "run query," I can see data.

Has anyone ever encountered this error ?

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...