EDR SplunkApp: Unable to query 1000+ sensors using SplunkApp
Article ID: 287400
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Unable to query more than 1000 sensors at a time.
Environment
- EDR Server: 7.6.x +
- EDR SplunkApp: 3.0.3 or lower
Cause
- Changes in EDR Server 7.6.1 enabled pagination to help with application loading (see Related Content below).
- The EDR SplunkApp 3.0.3 and lower contains the 1.7.6 CB Python API, which has not bee updated for the pagination changes mentioned above.
Resolution
- Upgrade the EDR SplunkApp to 3.0.4 or greater.
Feedback
Yes
No
Powered by
