Closed skydandrear closed 1 year ago
Hi Robert,
404 errors indicate that no breach/paste was found for an account (see https://haveibeenpwned.com/API/v3#ResponseCodes). They are handled in the code on lines 345 and 423 and should result in "No breach/paste reported for given account and time frame." messages in the respective Splunk result fields. This is the expected behavior.
I understand that the result fields are simply empty in your case though? If so, could you please provide me with as much information about this issue as possible? Are the same accounts affected every time, or random ones? Are different results returned when tested manually against the HIBP API? Do the affected mail addresses have something in common? Is this the case both when querying single accounts and multiple accounts? Is this the case for both the breach and paste fields?
Best Regards, hRun
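As an added illustration of the reply above (not the app's own code, and not part of the original thread): a sketch that turns every HIBP v3 response code into a non-empty result field, so the expected 404 "not found" stays distinguishable from a real failure such as a rejected API key or rate limiting. The helper names, the sample responses and the 2-second fallback delay are assumptions made for this example.

```python
import json

# Message quoted in the reply above for the 404 case.
NO_HIT = "No breach/paste reported for given account and time frame."
# Error codes documented at https://haveibeenpwned.com/API/v3#ResponseCodes
HIBP_ERRORS = {
    400: "Bad request: account format not acceptable",
    401: "Unauthorised: missing or invalid API key",
    403: "Forbidden: no user agent specified",
    429: "Too many requests: rate limit exceeded",
    503: "Service unavailable",
}


def result_field(status, body=""):
    """Map one HIBP response to result-field text (hypothetical helper)."""
    if status == 200:
        try:
            entries = json.loads(body)
            # Breach objects carry "Name"; paste objects carry "Id".
            names = [str(e.get("Name") or e.get("Id")) for e in entries]
        except (ValueError, AttributeError, TypeError):
            return "ERROR: HTTP 200 with unparseable body"
        return ", ".join(names) if names else NO_HIT
    if status == 404:
        return NO_HIT  # expected: the account is in no breach/paste
    reason = HIBP_ERRORS.get(status, "Unexpected response")
    return f"ERROR: HTTP {status} ({reason})"


def triage(responses):
    """responses: {account: (status, body, headers)} -> (fields, retry)."""
    fields, retry = {}, {}
    for account, (status, body, headers) in responses.items():
        fields[account] = result_field(status, body)
        if status == 429:
            # Fallback of 2 seconds is an assumption for this example.
            retry[account] = int(headers.get("retry-after", 2))
    return fields, retry


# Constructed sample responses, not captured from a real instance.
SAMPLE = {
    "xxx@example.com": (200, '[{"Name": "ExampleBreach"}]', {}),
    "yyy@example.com": (404, "", {}),
    "zzz@example.com": (429, "", {"retry-after": "6"}),
    "key@example.com": (401, "", {}),
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
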
Thank you for the explanation. Yes, in my case the Splunk search returns an empty result (0 Event). The search head executes the search with a valid account that uses the purchased API key. So, we can say that it is the same account that does not return any result. Unfortunately, this happens only on one of the n instances that we have. In our environment we have other search heads that run and execute the search without any problem on the same account that returns 0 Event on the other instance.
Hope this information is useful. Roberto
that info is certainly helpful in understanding the issue. unfortunately this sounds like something that i'll hardly be able to replicate. i'll try my best, but might have to close this issue without resolution.
hi there. sorry for forgetting to get back to you. i did some testing around this issue previously though and was unable to reproduce it unfortunately. following unit testing practices, the only case where fields would not be populated is if you don't use a proxy and all requests fail. from what you described this is not the case in your setup though. i am afraid that with the little setup i have available for testing, i am not able to help out any further.
Hi, I am writing to you because sometimes it happens that some email addresses are not analyzed and therefore the query in Splunk returns errors.
Let me explain: when I try to check an email address such as xxx@gmail.com, the query returns the result with all breaches and pastes. Sometimes, instead, with random addresses like yyy@gmail.com, nothing comes back. I also see within the curl that nothing is returned in the event; there is an error: page not found 404 at the time of response of the site haveibeenpwned.
I cannot understand why this occurs only for n mail addresses and not for all.