EDR: CB Spunk App's "sensorsearch" Command Not Returning All Sensors Since the EDR Server Was Upgraded to v7.3

EDR: CB Spunk App's "sensorsearch" Command Not Returning All Sensors Since the EDR Server Was Upgraded to v7.3

search cancel

EDR: CB Spunk App's "sensorsearch" Command Not Returning All Sensors Since the EDR Server Was Upgraded to v7.3

book

Article ID: 288247

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Running the "sensorsearch" command only returns 20-40 sensors rather that the thousands that exist.
Problem started after upgrading to EDR server 7.3
Two 499 errors appear in the Servers' /var/log/cb/nginx/access.log on the Primary.

Environment

EDR Server: 7.3
EDR Sensor: All versions
CB Splunk App: 2.1.2, 2.1.4

Cause

Known issue with Splunk Apps 2.1.4 and below

Resolution

Upgrade to the CB Splunk App 2.2 as this should be fixed

Additional Information

EDR: Where can someone get support for the CB Splunk Application?

Feedback

thumb_up Yes

thumb_down No