Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Phantom Play Book Editor, Debugger Problem. Please Help

johnteo
Explorer
‎11-13-2019 06:03 PM

For all of the playbooks I have executed and tried to test in the past 24 hours, none of them have successfully executed although no changes have been made to them and they worked fined previously.

The only output at Phantom would be Status: Running. However, upon further inspection the count of failures for running that playbook is increased by 1 for every time I test it.

All the assets are healthy and I have not exceeded he maximum number of actions. I would very much appreciate any assistance and insights offered!

Labels (1)
Labels
Tags (1)
0 Karma
Reply

ansusabu
Communicator
‎11-17-2019 08:57 PM

duplicate question:

https://answers.splunk.com/answers/783481/vpe-debugger-issue-no-response-on-test.html#answer-783484

0 Karma
Reply

phantom_mhike
Path Finder
‎11-14-2019 09:31 AM

The playbook editor and debugger have a lot of browser side processing going on and caching can cause issues especially after upgrades. That would be my first check. Clear browsing data or try an incognito tab and see if you have the same issue in the debugger.

If the issue persists, go to the container you were debugging against and click on the elipsis next to the playbook in the activity pane and look at the debug log there. If you still dont see the debug logs in this view, then there is something substantially wrong with your phantom instance. If you do see logs here, then this is almost certainly a browser caching issue. Clear all the browser datas and try again or test with a different browser.

0 Karma
Reply

johnteo
Explorer
‎11-14-2019 06:31 PM

I have cleared all browser datas and tried testing again with different browsers as suggested.

I am also able to view the activity logs, however the same problem still persists whereby the testing is stuck at Status: Running. Could there be any other problems that could have caused this and methods to resolve it?

0 Karma
Reply

phantom_mhike
Path Finder
‎11-14-2019 07:56 PM

If it isnt a browser issue then my next shot would be to tail the logs at /var/log/phantom and look for any exception thrown while you try running the playbook.

This is not normal behavior at all. What phantom version are you on?

0 Karma
Reply

johnteo
Explorer
‎11-14-2019 10:29 PM

All is well. I have managed to restart the server and the issue went away alongside it. Thank you so much

0 Karma
Reply

johnteo
Explorer
‎11-14-2019 06:46 PM

This applies to all the playbooks that I try and execute

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...