Hello, Stephen.
In order to diagnose this issue we require snippets from two log files from the folder $SPLUNK_HOME/var/log/splunk (where $SPLUNK_HOME is your Splunk installation directory):
- splunkd.log
- TA-rapid7_nexpose.log
In addition, it would be helpful to receive the Nexpose logs from the time period in which the query was running.
Lastly, it would also be helpful if you could take the query that you've removed from the log and run it as a SQL export within Nexpose. Here is a video which explains how to run a report within Nexpose:
https://www.rapid7.com/resources/sql-reports-in-nexpose/
If you could forward the logs and the results (time taken, file size and so on) from the SQL export to support@rapid7.com, we'll be able to assist you further.
Thanks in advance.