Call to get access token returned empty token without an error'

[Guru668]

While we configuring Falcon SIME connector in Linux machine we are facing below error.

Retrying work for partition=-1 due to error='falconhose[oauth2]: call to get access token returned empty token without an error'

Please check and update me with solution. Thanks in advance Guruprasad

[gauravm-optimus]

getting the following error

INFO: REDISCOVERING for partition=-1 attempt#14205 [interval: 30s] 2021/06/30 08:02:15 discoverer.go:207: TRACE: Retrying work for partition=-1 due to error='falconhose[discoverer]: discovery failed with HTTP: 401, Payload:"meta": { "query_time": 1.06e-7, "powered_by": "crowdstrike-api-gateway", "trace_id": "257e92d2-abf9-403c-9f42-f67598907c6c" }, "errors": [ { "code": 401, "message": "access denied, invalid bearer token" } ] }

[adsalun]

facing the same issue. @gauravm-optimus did you find the solution?

[baxitaurus]

Check that you have the required scopes (read for Event Streams) and if so try to change the base url you're using for both the API and token request.

The base URLs available are:

 48 
 49     US1 = "api.crowdstrike.com"
 50     US2 = "api.us-2.crowdstrike.com"
 51     EU1 = "api.eu-1.crowdstrike.com"
 52     USGOV1 = "api.laggar.gcw.crowdstrike.com"
 53     AUTO = "api.crowdstrike.com"                

If you are using the default URL (AUTO) try changing the values set in /opt/crowdstrike/etc/cs.falconhoseclient.cfg in order to use the US2 or the EU1

api_url = https://api.crowdstrike.com/sensors/entities/datafeed/v2
request_token_url = https://api.crowdstrike.com/oauth2/token

---

US-2

api_url = https://api.us-2.crowdstrike.com/sensors/entities/datafeed/v2
request_token_url = https://api.us-2.crowdstrike.com/oauth2/token

---

EU-1

api_url = https://api.eu-1.crowdstrike.com/sensors/entities/datafeed/v2
request_token_url = https://api.eu-1.crowdstrike.com/oauth2/token