All Apps and Add-ons

Getting checkpointer error for alerts in Sophos Add-on for splunk

ajaycitrus
New Member

I have installed the Sophos on Add for Splunk (https://splunkbase.splunk.com/app/4096/ ) on HF

I am able to receive the events perfectly but i get the below error when i configure it to pull alerts:

2020-03-05 11:52:19,263 ERROR pid=176598 tid=MainThread file=base_modinput.py:log_error:307 |
{"has_more":false,"next_cursor":"xxxxxxxxLTAzLTA1VDEwOjUyOjE5LjIwM1o=","items":[]}

0 Karma

eegiievol
Explorer

Could you please help me. Is there anything else I have to modify except inputs.conf. I have trouble getting data onboard. 

0 Karma

konstr
Path Finder

I am having the exact same issue, did you manage to figure it out?

0 Karma

ajaycitrus
New Member

I have upgraded to the latest version.

Now, its polls data one-twice in a day although polling interval is set at 30 seconds.
Most of the times, it fails but once or twice, the request goes through and pulls all the data ( there is no gap in the data)

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...