LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

[BUG] Alert script returned error code 31 #53

Closed hsohsoler closed 1 year ago

hsohsoler commented 1 year ago

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| Add-on Version | 2.3.1 |
| TheHive version / git hash | 4.1.23-1 |

Problem Description

When an alert in Splunk is triggered, we receive this error: [image]

Steps to Reproduce

Possible Solutions

-

Logs (issued from the search.log with logging mode set to DEBUG under Settings/Configuration)

-

LetMeR00t commented 1 year ago

Hi, from v2.3.1, it seems that the sys code error is happening from this location:

https://github.com/LetMeR00t/TA-thehive-cortex/blob/9363b2a1e6f91ad9675fc276d0082bee95d560a9/TA-thehive-cortex/bin/common.py#L166-L172

Are you sure that the instance ID put in your savedsearch is correct? Because it seems that it can't find it in your configuration.

Thank you

hsohsoler commented 1 year ago

Hahaha, yes indeed, I don't have an instance configured, because I had problems with KVStore in Splunk and I think that when I cleaned up KVStore I fucked all my instances.

We can close this post. Thank you, and sorry.