remg427
commented
4 years ago Hi which version of misp42splunk? -- Sent with K-9 Mail.
Closed nxdamian closed 4 years ago
remg427
commented
4 years ago Hi which version of misp42splunk? -- Sent with K-9 Mail.
nxdamian
commented
4 years ago Splunk Cloud version: 8.0.2003.1 misp42splunk version: 3.1.12 (installed from https://splunkbase.splunk.com/app/4335/)
remg427
commented
4 years ago Hi could you share your search and also check search logs with level set to debug Also test with level set to error thanks
Le 15 juin 2020 22:43:37 GMT+02:00, nxdamian notifications@github.com a écrit :
Splunk Cloud version: 8.0.2001.1 misp42splunk version: 3.1.12
-- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/remg427/misp42splunk/issues/155#issuecomment-644378651
-- Sent with K-9 Mail.
nxdamian
commented
4 years ago Sorry for late reply. I was waiting for Splunk support to update the TA to 3.2.0 (cloud compatible).
So the problem was in default report query: "| mispgetioc misp_instance=default_misp", it will return an error message. I missed the fact that "default_misp" must be replaced with actual MISP instance name I configured e.g. "misp_instance=MISP_CIRCL".
Getting
External search command 'mispgetioc' returned error code 1. Script output = "error_message=AttributeError at "/opt/splunk/etc/apps/misp42splunk/bin/packages/aob_py3/splunklib/searchcommands/reporting_command.py", line 89 : 'function' object has no attribute 'ConfigurationSettings' ".Using Splunk Cloud.