remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

misp42splunk_instances.conf #184

Closed norbertt911 closed 3 years ago

norbertt911 commented 3 years ago

Hello,

Could you please share (and confirm this functioning as inputs.conf) an example of misp42splunk_instances.conf? If I use the config menu, this file is created under /opt/splunk/etc/apps/misp42splunk/local/ with the following content:

[MYMISP]
client_use_cert = 0
misp_key = ****
misp_url = https://mymispurl.domain
misp_use_proxy = 0
misp_verifycert = 0

But I got: External search command 'mispgetioc' returned error code 1. Script output = "error_message=Exception at "/opt/splunk/etc/apps/misp42splunk/bin/misp_common.py", line 59 : ('local/misp42splunk_instances.conf does not contain any stanza %s ', 'default_misp') ".

So I think the default_misp is missing. (If I name mymisp as default_misp, the error message only says: External search command 'mispgetioc' returned error code 1.)

I'm using Splunk 8.1.0.1 under CentOS.

Thanks for the help in advance.

splunkbot9000 commented 3 years ago

Same issue here

remg427 commented 3 years ago

Hi, thanks for your interest.

In the command you need to replace misp_instance=default_instance by misp_instance=MYMISP or whatever name you gave, i.e. the stanza between [].
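The fix described in this thread, as an added example that is not part of the original issue or of the misp42splunk code: a pre-flight check that the misp_instance= value used in a search matches a stanza in misp42splunk_instances.conf. The sample conf and search strings are constructed from the values posted above, `load_instances` and `check_search` are hypothetical helper names, and reading misp_verifycert = 0 as disabled TLS certificate verification is an assumption based on the key name.

```python
import configparser
import re

# Constructed sample mirroring the stanza posted in the issue (key redacted).
SAMPLE_CONF = """\
[MYMISP]
client_use_cert = 0
misp_key = ****
misp_url = https://mymispurl.domain
misp_use_proxy = 0
misp_verifycert = 0
"""

# Captures the value of misp_instance=... in an SPL search string.
INSTANCE_ARG = re.compile(r'\bmisp_instance\s*=\s*"?([^\s"|]+)"?')


def load_instances(conf_text):
    """Parse the .conf text and return {stanza_name: {key: value}}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key names exactly as written
    parser.read_string(conf_text)
    return {name: dict(parser[name]) for name in parser.sections()}


def check_search(search, conf_text):
    """Return findings for every misp_instance= argument in a search."""
    instances = load_instances(conf_text)
    findings = []
    for name in INSTANCE_ARG.findall(search):
        if name not in instances:
            # This checker compares names exactly; hint at case-only mismatches.
            close = [s for s in instances if s.lower() == name.lower()]
            hint = f"; did you mean {close[0]!r} (case differs)?" if close else ""
            findings.append(
                f"no stanza [{name}]; defined: {sorted(instances)}{hint}")
            continue
        # Assumption from the key name: 0 turns off TLS certificate checking.
        if instances[name].get("misp_verifycert", "1").strip() == "0":
            findings.append(f"[{name}] misp_verifycert = 0")
    return findings


if __name__ == "__main__":
    for spl in ("| mispgetioc misp_instance=default_misp",
                "| mispgetioc misp_instance=MYMISP"):
        print(spl, "->", check_search(spl, SAMPLE_CONF))
```

To run it against a real deployment, pass the contents of local/misp42splunk_instances.conf in place of `SAMPLE_CONF`.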