All Apps and Add-ons

Splunk Add-on for Cisco IPS, I can't get any data.

wuhenzhe
Engager

pySDEE.py :
req = urllib2.Request("%s?%s" % (self._uri, params))
req.add_header('Authorization', "BASIC %s" % (self._b64pass))
data = urllib2.urlopen(req)
self._response = data.read()
获取出来的数据为

<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns="http://www.cisco.com/cids/2006/08/cidee" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:sd="http://example.org/2003/08/sdee" xmlns:cid="http://www.cisco.com/cids/2006/08/cidee"><env:Header><sd:oobInfo><sd:sessionId>9b39b7e6f010d79497aed75b8acd832e</sd:sessionId></sd:oobInfo></env:Header><env:Body><sd:subscriptionId>sub-18-d35d11f3</sd:subscriptionId></env:Body></env:Envelope>

即使有数据也是这样的,请问这是出了什么问题。我通过Cisco的软件去查看是有数据的。

0 Karma

satishsdange
Builder

I presume you have followed Splunk doc for setting up Cisco IPS as data source. http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

If you still face any problem, please share inputs.conf, output of index=_internal tcpoutputproc error *.py

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...