All Apps and Add-ons

Cisco AMP for Endpoints Events Input: Saving a new Input returns status 404

taasai
New Member

Hi,
WHen I am trying to save a new Input, the following response is coming back.
"Input could not be saved:
the server responded with status 404"

I just copied and pasted the API I and the API Key that were shown on the AMP Console GUID, host name is "api.apjc.amp.cisco.com" as long as I use the APJC AMP tower. I checked the following document.
https://api-docs.amp.cisco.com/

Does anyone know how to configure and save the info?

0 Karma

jgedeon_splunk
Splunk Employee
Splunk Employee

It looks like this issue should be fixed in the next release version, the fix is here:

https://github.com/Cisco-AMP/amp4e_splunk_events_input/issues/1

0 Karma

hardikJsheth
Motivator

What error are you getting when you perform save operation in splunkd.log?

0 Karma

taasai
New Member

do you mean this file?
"source = /opt/splunk/var/log/splunk/splunkd.log"
I got no entry for the file when I save. But I got the following

2017-11-27 23:12:23,566 ERROR Amp4eEvents - API Error (status 400): {"version":"v1.2.0","metadata":{"links":{"self":"https://api.apjc.amp.cisco.com/v1/event_streams"}},"data":{},"errors":[{"error_code":400,"descriptio... Request","details":["the server responded with status 404"]}]}
host = localhost.localdomain source = /opt/splunk/var/log/splunk/amp4e_events_input.log sourcetype = amp4e_events_input-2

2017-11-27 23:12:23,566 INFO Amp4eEvents - Received response from ApiService (400)
host = localhost.localdomain source = /opt/splunk/var/log/splunk/amp4e_events_input.log sourcetype = amp4e_events_input-2

2017-11-27 23:12:22,672 INFO Amp4eEvents - ApiService - creating stream with params {'group_guid': [], 'name': u'host', 'event_type': [u'1090519054']}
host = localhost.localdomain source = /opt/splunk/var/log/splunk/amp4e_events_input.log sourcetype = amp4e_events_input-2

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...