Hi, I have installed the Akamai Siem App on a Heavy Forwarder and did some initial testing and besides not having proper authentication at the Akamai side, the app was working and sending data to my indexers. After they changed something at our user level and asked us to retry I keep getting the following error messages and I can't find the root cause of them: 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : HTTP 401 -- call not properly authenticated, Exception : com.splunk.HttpException: HTTP 401 -- call not properly authenticated 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpException.create(HttpException.java:84) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:500) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:455) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48) 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116) 12-22-2020 12:30:28.303 +0100 INFO ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, end streamEvents 12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" javax.xml.stream.XMLStreamException: No element was found to write: java.lang.ArrayIndexOutOfBoundsException: -1 I'm running openjdk version "1.8.0_265" which initially worked fine and I'm using the latest version of the Akamai Siem app which is 1.4.8. Splunk version is 7.3.4 and should be fine. Anybody have some clues for this? Regards
... View more