Hi All, Can you guide me in how to resolve/clear the following error messages that are displayed in Splunk Portal.
Splunk version - 6.2.1
Errors that are popping out in the messages drop down are
1) msg="A script exited abnormally" input="./bin/reviewstatuses_makeCSV.py" stanza="default" status="exited with code 1"
2) msg="A lookup table used in a CIDR or WILDCARD definition exceeds the maximum allowable value" file="asn_by_cidr.csv" size="16739647" limit="10000000"
3) The search "Endpoint - Host Sending Excessive Email - Rule" is related to the correlation search "Endpoint - Emails By Source - Context Gen" but it is not enabled even though the correlation search is; this will cause the correlation to fail
4) The search "Network - Substantial Increase in Port Activity (By Destination) - Rule" is related to the correlation search "Network - Port Activity By Destination Port - Context Gen" but it is not enabled even though the correlation search is; this will cause the correlation to fail
Kindly guide me how to resolve this error and clear it from splunk portal.
thanks in advance.
↧