Re: ERROR ExecProcessor - message from "python /ap...

jeffriesa · ‎09-26-2016

After going to the new version, look like its not working with no data going into the index.

Running the search (index=_internal sourcetype=splunkd TA-QualysCloudPlatform) we are getting a lot of the following:

ERROR ExecProcessor - message from "python /apps/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py"

qualysModule.lib.api.Client.APIRequestError: Error during request to /msp/about.php, [None] Unauthorized
raise APIRequestError("Error during request to %s, [%s] %s" % (end_point, ue.errno, ue.reason))

jeffriesa · ‎10-13-2016

So the issue was with API access.

The best way to find these WAS issues and the answers is from the following search:

index=_internal sourcetype=qualys source="qualys://was_findings"

jeffriesa · ‎10-10-2016

The only issue i see is the WAS APP.

The TA is downloading xml files but not passing them into the APP.

prabhasgupte · ‎11-22-2016

Can you please elaborate what issue you are facing with WAS app?

jeffriesa · ‎11-22-2016

After a while the data did get into the APP

prabhasgupte · ‎11-22-2016

Good to see your problem no more exists! There's really no magic in WAS app, its just a bunch of dashboards and reports. TA ingests data into Splunk and then this app just do the reporting part on top of that. Must be some delay in events association at Splunk level. 🙂

jeffriesa · ‎10-10-2016

I have finally got this working again.

I removed the application, restarted splunk and installed it again.

Double checked the user account had rights to everything. Noticed that the account i was using didnt have rights to view all objects.

ERROR ExecProcessor - message from "python /apps/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py"

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?