EDR: No CB-Event-Forwarder Events Are Appearing in Splunk
Article ID: 291298
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- The CB-Event-Forwarder has been set up to send logs to Splunk, but the events are not appearing in Splunk
- The /var/log/cb/integrations/cb-event-forwarder/cb-event-forwarder.log file may contain the following messages:
- <title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p>
Environment
- EDR Server: All Supported Versions
- Splunk: All Supported Versions
Cause
This can happen if the Splunk URL is not accepting the traffic.
Resolution
Change the Splunk URL to a working one and verify that the traffic isn't being blocked by the firewall.
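A quick way to triage this, as an added example that is not part of the original article: the script below finds HTML error pages in the forwarder log and checks whether a candidate Splunk URL has an HTTP Event Collector (HEC) path. It assumes the forwarder sends to Splunk's HEC; the function names, the host `splunk.example.com` and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# HTTP Event Collector endpoint paths documented by Splunk (assumed target here).
HEC_PATHS = {"/services/collector", "/services/collector/event",
             "/services/collector/raw"}

# Matches the <title> of an HTML error page such as the one quoted in the article.
ERROR_TITLE = re.compile(r"<title>(\d{3}) ([^<]+)</title>")

# Constructed sample log: the line prefixes are invented for this example;
# only the HTML body on the second line comes from the article.
SAMPLE_LOG = [
    'level=info msg="starting output" (constructed)',
    'level=error msg="<title>404 Not Found</title></head><body><h1>Not Found</h1>"',
    'level=info msg="retrying upload" (constructed)',
]


def check_splunk_url(url):
    """Return a list of problems with a Splunk output URL (empty list = plausible)."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    if not parts.hostname:
        problems.append("missing host")
    shown_path = parts.path or "/"
    if parts.path.rstrip("/") not in HEC_PATHS:
        problems.append(f"path {shown_path} is not an HEC endpoint")
    return problems


def http_errors_in_log(lines):
    """Return (line_number, status, reason) for each HTML error page in the log."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = ERROR_TITLE.search(line)
        if match:
            hits.append((number, int(match.group(1)), match.group(2)))
    return hits


if __name__ == "__main__":
    print(http_errors_in_log(SAMPLE_LOG))
    for candidate in ("https://splunk.example.com:8000/en-US/app/search",
                      "https://splunk.example.com:8088/services/collector/event"):
        print(candidate, check_splunk_url(candidate) or "looks like an HEC endpoint")
```

A URL that passes this check can still be unreachable, so the firewall check in the Resolution above still applies.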
Additional Information
Please refer to the Splunk documentation for building the correct URL.