Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About James_ACN
James_ACN
Loves-to-Learn Everything
Member since:
10-26-2021
11-10-2021
Community Statistics
| Posts | 11 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-26-2021 |
Activity Feed
- Posted Re: ERROR Akamai SIEM Integration with Splunk on All Apps and Add-ons. 11-10-2021 01:36 PM
- Posted Re: Heavy forwarder not sending syslog to indexer on Getting Data In. 11-09-2021 05:02 AM
- Posted Re: How to monitor and index .bz2 files in Splunk? on Getting Data In. 11-09-2021 04:55 AM
- Posted Re: ERROR Akamai SIEM Integration with Splunk on All Apps and Add-ons. 11-09-2021 04:55 AM
- Posted Re: How to extract new fields from a JSON array? on Getting Data In. 11-09-2021 04:54 AM
- Posted How to monitor and index .bz2 files in Splunk? on Getting Data In. 11-05-2021 03:46 PM
- Posted How to extract new fields from a JSON array? on Getting Data In. 10-29-2021 08:38 AM
- Posted How to fix ERROR Akamai SIEM Integration with Splunk? on All Apps and Add-ons. 10-27-2021 01:49 PM
- Posted Re: Akamai Errors regarding SSL on All Apps and Add-ons. 10-26-2021 03:47 PM
- Tagged Re: Splunk Akamai SIEM integration apps error and cannot initialize on All Apps and Add-ons. 10-26-2021 03:31 PM
- Tagged Re: Splunk Akamai SIEM integration apps error and cannot initialize on All Apps and Add-ons. 10-26-2021 03:31 PM
- Posted Re: Splunk Akamai SIEM integration apps error and cannot initialize on All Apps and Add-ons. 10-26-2021 03:30 PM
- Posted Re: Akamai Siem Integration App "call not properly authenticated" on All Apps and Add-ons. 10-26-2021 03:24 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
11-10-2021
01:36 PM
Hi @tofa Yes I checked these possibilities, whether the local Linux firewall and the network firewall or AWS Firewall and telnet tests returns connected and there are no firewalls blocking. Thanks James \°/
... View more
11-09-2021
05:02 AM
Hello @johnlzy0408 Have you already checked splunkd.log if there is any ERROR log that might clarify the problem? Have you checked if the communication between HF and Indexer is OK on port 9997. Or if Iptables could be blocking this communication? Please provide more details of the issue. James \°/
... View more
11-09-2021
04:55 AM
Hi All! I still haven't been able to solve this problem. Does anyone have any outline suggestions? Thanks! James \°/
... View more
11-09-2021
04:55 AM
Hi All! I still haven't been able to solve this problem. Does anyone have any outline suggestions? Thanks! James \°/
... View more
11-09-2021
04:54 AM
Hi All! I still haven't been able to solve this problem. Does anyone have any outline suggestions? Thanks! James \°/
... View more
11-05-2021
03:46 PM
Hi, All. How to index compressed files in .bz2 format using Universal Forwarder installed on a Windows server? In UF: inputs.conf [monitor://E:\LogServer\Logs\*.bz2] sourcetype = XmlWinEventLog disabled=0 index = main props.conf [source::...E:\\LogServer\\Logs\\*.bz2] sourcetype = XmlWinEventLog [XmlWinEventLog] invalid_cause = archive unarchive_cmd = _auto According to the most recent docs Splunk does index compressed files: https://docs.splunk.com/Documentation/Splunk/8.2.1/Admin/Propsconf But even following these instructions, the logs are still not indexed and I was also unable to check the splunkd.log logs for any error that indicates a problem. Does anyone have any suggestions? Thanks in advance. James \°/
... View more
Labels
10-29-2021
08:38 AM
Hi All! How to extract and create different fields by transforms when there is an array (JSON) with several fields with the same name but different values? For example, the "text" field in the first case means "action", in the second the "text" field means "hostname". Just like "port" that appears twice would have to be identified as src_port and dst_port. Sample: "{ detail: { indicators: [ { filterId: [ ] id: 1 objectType: port objectValue: 445 relatedEntities: [ ] } { filterId: [ ] id: 2 objectType: text objectValue: Reset relatedEntities: [ ] } { filterId: [ ] id: 3 objectType: port objectValue: 36880 relatedEntities: [ ] } { filterId: [ ] id: 6 objectType: text objectValue: SERVERWIN01 relatedEntities: [ ] } { filterId: [ ] id: 7 objectType: detection_name objectValue: Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147) relatedEntities: [ ] }" Thanks! James
... View more
Labels
- Labels:
-
field extraction
-
JSON
-
transforms.conf
10-27-2021
01:49 PM
Hi All,
I'm trying to integrate Akami logs with Splunk through siem-integrator, but I'm having problems. I've already installed Java (JRE), JDK too, but it still has errors as shown in splunkd.log.
I'm using the addon:
https://splunkbase.splunk.com/app/4310/
Has anyone in the community already been through this, or do they have an idea of what it could be?
Splunk Enterprise Version:8.2.2
Akamai-siem-splunk-connector: 1.4.9 java version "1.8.0_311" Java(TM) SE Runtime Environment (build 1.8.0_311-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode)
splunkd.log
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : Connection refused (Connection refused), Exception : java.lang.RuntimeException: Connection refused (Connection refused) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:462) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:449) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116) 10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Caused by: java.net.ConnectException: Connection refused (Connection refused)
Thank you very much.
James \°/
... View more
Labels
- Labels:
-
configuration
-
troubleshooting
10-26-2021
03:47 PM
Hi @Paaattt . I know it's been a while since I posted this error, but I'm also facing the same issue. But in my case the SIEM connector is installed directly in Splunk Indexer. Did you manage to solve this problem? Can anyone in the community help? Splunk Enterprise Version:8.2.2 siem-splunk-connector: 1.4.9 java version "1.8.0_311" Java(TM) SE Runtime Environment (build 1.8.0_311-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode) splunkd.log 10-26-2021 19:09:55.623 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, begin streamEvents 10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName=TA-Akamai_SIEM://akamai_vibra 10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName(String)=TA-Akamai_SIEM://akamai_vibra 10-26-2021 19:09:55.847 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=Processing Data... 10-26-2021 19:09:55.849 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=KV Service get... 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : Connection refused (Connection refused), Exception : java.lang.RuntimeException: Connection refused (Connection refused) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:462) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:449) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Caused by: java.net.ConnectException: Connection refused (Connection refused) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.PlainSocketImpl.socketConnect(Native Method) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocksSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.Socket.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.NetworkClient.doConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.New(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:460) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" ... 6 more
... View more
10-26-2021
03:30 PM
Hi @chrishow . Hello my friend. I know it's been a while since I posted this error, but I'm also facing the same issue. But in my case the SIEM connector is installed directly in Splunk Indexer. Did you manage to solve this problem? Can anyone in the community help? Splunk Enterprise Version:8.2.2 siem-splunk-connector: 1.4.9 java version "1.8.0_311" Java(TM) SE Runtime Environment (build 1.8.0_311-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode) splunkd.log: 10-26-2021 19:09:55.623 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, begin streamEvents 10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName=TA-Akamai_SIEM://akamai_vibra 10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName(String)=TA-Akamai_SIEM://akamai_vibra 10-26-2021 19:09:55.847 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=Processing Data... 10-26-2021 19:09:55.849 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=KV Service get... 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : Connection refused (Connection refused), Exception : java.lang.RuntimeException: Connection refused (Connection refused) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:462) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:449) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Caused by: java.net.ConnectException: Connection refused (Connection refused) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.PlainSocketImpl.socketConnect(Native Method) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocksSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.Socket.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.NetworkClient.doConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.New(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:460) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" ... 6 more Thanks in Advanced. James \o/
... View more
10-26-2021
03:24 PM
Hello @jjobar. I know it's been a while since I posted this error, but I'm also facing the same issue. But in my case the SIEM connector is installed directly in Splunk Indexer. Did you manage to solve this problem? Can anyone in the community help? Splunk Enterprise Version:8.2.2 siem-splunk-connector: 1.4.9 java version "1.8.0_311" Java(TM) SE Runtime Environment (build 1.8.0_311-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode) splunkd.log: 10-26-2021 19:09:55.623 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, begin streamEvents 10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName=TA-Akamai_SIEM://akamai_vibra 10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName(String)=TA-Akamai_SIEM://akamai_vibra 10-26-2021 19:09:55.847 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=Processing Data... 10-26-2021 19:09:55.849 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=KV Service get... 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : Connection refused (Connection refused), Exception : java.lang.RuntimeException: Connection refused (Connection refused) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:462) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:449) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Caused by: java.net.ConnectException: Connection refused (Connection refused) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.PlainSocketImpl.socketConnect(Native Method) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocksSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.Socket.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.NetworkClient.doConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.New(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:460) 10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" ... 6 more Thanks in advanced! James \o/
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-10-2021
05:13 PM
|
