We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello,
we tried to use that provider and got issue:
erraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # splunk_saved_searches.saved_search will be created + resource "splunk_saved_searches" "saved_search" { + action_email = (known after apply) + action_email_auth_password = (known after apply) + action_email_auth_username = (known after apply) + action_email_bcc = (known after apply) + action_email_cc = (known after apply) + action_email_command = (known after apply) + action_email_format = (known after apply) + action_email_from = (known after apply) + action_email_hostname = (known after apply) + action_email_include_results_link = 0 + action_email_include_search = (known after apply) + action_email_include_trigger = (known after apply) + action_email_include_trigger_time = (known after apply) + action_email_include_view_link = 0 + action_email_inline = true + action_email_mailserver = (known after apply) + action_email_max_results = (known after apply) + action_email_max_time = (known after apply) + action_email_message_alert = "Report for CyberArk PTA unmanaged privileged access accounts." + action_email_message_report = (known after apply) + action_email_pdfview = (known after apply) + action_email_preprocess_results = (known after apply) + action_email_report_cid_font_list = (known after apply) + action_email_report_include_splunk_logo = (known after apply) + action_email_report_paper_orientation = (known after apply) + action_email_report_paper_size = (known after apply) + action_email_report_server_enabled = (known after apply) + action_email_report_server_url = (known after apply) + action_email_send_csv = 1 + action_email_send_pdf = (known after apply) + action_email_send_results = true + action_email_subject = "Splunk Report: P4 - $name$" + action_email_to = "[email protected]" + action_email_track_alert = true + action_email_ttl = (known after apply) + action_email_use_ssl = (known after apply) + action_email_use_tls = (known after apply) + action_email_width_sort_columns = (known after apply) + action_populate_lookup = (known after apply) + action_populate_lookup_command = (known after apply) + action_populate_lookup_dest = (known after apply) + action_populate_lookup_hostname = (known after apply) + action_populate_lookup_max_results = (known after apply) + action_populate_lookup_max_time = (known after apply) + action_populate_lookup_track_alert = (known after apply) + action_populate_lookup_ttl = (known after apply) + action_rss = (known after apply) + action_rss_command = (known after apply) + action_rss_hostname = (known after apply) + action_rss_max_results = (known after apply) + action_rss_max_time = (known after apply) + action_rss_track_alert = (known after apply) + action_rss_ttl = (known after apply) + action_script = (known after apply) + action_script_command = (known after apply) + action_script_filename = (known after apply) + action_script_hostname = (known after apply) + action_script_max_results = (known after apply) + action_script_max_time = (known after apply) + action_script_track_alert = (known after apply) + action_script_ttl = (known after apply) + action_slack_param_attachment = "none" + action_snow_event_param_account = (known after apply) + action_snow_event_param_additional_info = (known after apply) + action_snow_event_param_ci_identifier = (known after apply) + action_snow_event_param_custom_fields = (known after apply) + action_snow_event_param_description = (known after apply) + action_snow_event_param_node = (known after apply) + action_snow_event_param_resource = (known after apply) + action_snow_event_param_severity = (known after apply) + action_snow_event_param_type = (known after apply) + action_summary_index = (known after apply) + action_summary_index_command = (known after apply) + action_summary_index_hostname = (known after apply) + action_summary_index_inline = (known after apply) + action_summary_index_max_results = (known after apply) + action_summary_index_max_time = (known after apply) + action_summary_index_name = (known after apply) + action_summary_index_track_alert = (known after apply) + action_summary_index_ttl = (known after apply) + actions = "email" + alert_comparator = (known after apply) + alert_condition = (known after apply) + alert_digest_mode = false + alert_expires = (known after apply) + alert_severity = (known after apply) + alert_suppress = true + alert_suppress_fields = "user,Client_Entity" + alert_suppress_period = "86400s" + alert_threshold = (known after apply) + alert_track = (known after apply) + alert_type = (known after apply) + allow_skew = (known after apply) + auto_summarize = (known after apply) + auto_summarize_command = (known after apply) + auto_summarize_cron_schedule = (known after apply) + auto_summarize_dispatch_earliest_time = (known after apply) + auto_summarize_dispatch_latest_time = (known after apply) + auto_summarize_dispatch_time_format = (known after apply) + auto_summarize_dispatch_ttl = (known after apply) + auto_summarize_max_disabled_buckets = (known after apply) + auto_summarize_max_summary_ratio = (known after apply) + auto_summarize_max_summary_size = (known after apply) + auto_summarize_max_time = (known after apply) + auto_summarize_suspend_period = (known after apply) + auto_summarize_timespan = (known after apply) + cron_schedule = "5 4 * * 1" + description = "This UC should detect if a connection to a machine or a cloud service is made with a privileged account that is not stored in the Vault." + disabled = true + dispatch_buckets = (known after apply) + dispatch_earliest_time = "-7d" + dispatch_index_earliest = (known after apply) + dispatch_index_latest = (known after apply) + dispatch_indexed_realtime = (known after apply) + dispatch_indexed_realtime_minspan = (known after apply) + dispatch_indexed_realtime_offset = (known after apply) + dispatch_latest_time = "now" + dispatch_lookups = (known after apply) + dispatch_max_count = (known after apply) + dispatch_max_time = (known after apply) + dispatch_reduce_freq = (known after apply) + dispatch_rt_backfill = true + dispatch_rt_maximum_span = (known after apply) + dispatch_spawn_process = (known after apply) + dispatch_time_format = (known after apply) + dispatch_ttl = (known after apply) + display_view = (known after apply) + id = (known after apply) + is_scheduled = (known after apply) + is_visible = true + max_concurrent = (known after apply) + name = "Threat - 0811_Unmanaged_Privileged_Access - Rule" + realtime_schedule = (known after apply) + request_ui_dispatch_app = "SplunkEnterpriseSecuritySuite" + request_ui_dispatch_view = (known after apply) + restart_on_searchpeer_add = (known after apply) + run_on_startup = (known after apply) + schedule_priority = (known after apply) + schedule_window = "auto" + search = <<-EOT `indexes_live_cyberark` sourcetype="cyberark:pta:json" signature_id="22" signature="Unmanaged privileged access" \ |stats values(src) as src_ip values(dst) as dest max(_time) as _time values(index) as index values(signature) as message values(signature_id) as signature_id values(ba_sys_id) as ba_sys_id by duser client_entity\ |rename _time as event_time dest as hostname duser as user client_entity as Client_Entity\ | eval event_time=strftime(event_time,"%Y-%m-%d %H:%M:%S")\ | table event_time Client_Entity index src_ip hostname user message signature_id ba_sys_id EOT + vsid = (known after apply) + workload_pool = (known after apply) + acl { + app = "launcher" + can_change_perms = (known after apply) + can_share_app = (known after apply) + can_share_global = (known after apply) + can_share_user = (known after apply) + can_write = (known after apply) + owner = "admin" + read = (known after apply) + removable = (known after apply) + sharing = "app" + write = (known after apply) } } Plan: 1 to add, 0 to change, 0 to destroy. splunk_saved_searches.saved_search: Creating... ╷ │ Error: Plugin did not respond │ │ with splunk_saved_searches.saved_search, │ on main.tf line 6, in resource "splunk_saved_searches" "saved_search": │ 6: resource "splunk_saved_searches" "saved_search" { │ │ The plugin encountered an error, and failed to respond to the │ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may │ contain more details. ╵ Stack trace from the terraform-provider-splunk_v1.4.19 plugin: panic: runtime error: index out of range [0] with length 0 goroutine 34 [running]: github.com/splunk/terraform-provider-splunk/splunk.getSavedSearchesConfigByName({0x40000350b0, 0x30}, 0x4000226ab0) github.com/splunk/terraform-provider-splunk/splunk/resource_splunk_saved_searches.go:1886 +0x220 github.com/splunk/terraform-provider-splunk/splunk.savedSearchesRead(0x4000232000, {0x76c920?, 0x400023ac50}) github.com/splunk/terraform-provider-splunk/splunk/resource_splunk_saved_searches.go:1159 +0x164 github.com/splunk/terraform-provider-splunk/splunk.savedSearchesCreate(0x7c9a00?, {0x76c920?, 0x400023ac50}) github.com/splunk/terraform-provider-splunk/splunk/resource_splunk_saved_searches.go:1144 +0x1b8 github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).Apply(0x40004b6090, 0x4000[280](https://code.rbi.tech/raiffeisen/rcdc-splunk-tf-savedsearches/actions/runs/624997/jobs/1941269#step:4:288)370, 0x40005ea720, {0x76c920, 0x400023ac50}) github.com/hashicorp/[email protected]/helper/schema/resource.go:310 +0x3cc github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Apply(0x400017c980, 0x4000299940, 0x8bf15c?, 0xf?) github.com/hashicorp/[email protected]/helper/schema/provider.go:294 +0x6c github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0x400000ed38, {0x40002323f0?, 0x0?}, 0x40002323f0) github.com/hashicorp/[email protected]/internal/helper/plugin/grpc_provider.go:885 +0x69c github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x88ba20?, 0x400000ed38}, {0xa57190, 0x400072a1e0}, 0x4000684120, 0x0) github.com/hashicorp/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3305 +0x16c google.golang.org/grpc.(*Server).processUnaryRPC(0x4000378480, {0xa5aac0, 0x4000378600}, 0x400021e400, 0x40004d3920, 0xf3e760, 0x0) google.golang.org/[email protected]/server.go:1024 +0xb4c google.golang.org/grpc.(*Server).handleStream(0x4000378480, {0xa5aac0, 0x4000378600}, 0x400021e400, 0x0) google.golang.org/[email protected]/server.go:1313 +0x890 google.golang.org/grpc.(*Server).serveStreams.func1.1() google.golang.org/[email protected]/server.go:722 +0x84 created by google.golang.org/grpc.(*Server).serveStreams.func1 google.golang.org/[email protected]/server.go:720 +0xe4 Error: The terraform-provider-splunk_v1.4.19 plugin crashed! This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue. Error: Process completed with exit code 1.
resource definition:
resource "splunk_saved_searches" "saved_search" { name = "Threat - 0811_Unmanaged_Privileged_Access - Rule" search = file("${path.module}/ss_queries/0811_Unmanaged_Priviledged_Access_Rule.query") actions = "email" action_email_send_results = "1" action_email_subject = "Splunk Report: P4 - $name$" action_email_to = "[email protected]" action_email_track_alert = "1" dispatch_earliest_time = "-7d" dispatch_latest_time = "now" cron_schedule = "5 4 * * 1" alert_suppress = "1" alert_suppress_fields = "user,Client_Entity" alert_suppress_period = "86400s" description = "This UC should detect if a connection to a machine or a cloud service is made with a privileged account that is not stored in the Vault." action_email_include_results_link = "0" action_email_include_view_link = "0" action_email_inline = "1" action_email_message_alert = "Report for CyberArk PTA unmanaged privileged access accounts." action_email_send_csv = "1" alert_digest_mode = "0" disabled = "1" dispatch_rt_backfill = "1" request_ui_dispatch_app = "SplunkEnterpriseSecuritySuite" schedule_window = "auto" acl { owner = "admin" sharing = "app" app = "launcher" } }
so we would like to know what is wrong?
ticket looks relevant to #128, but there is no any meaningful answer on what it could be.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hello,
we tried to use that provider and got issue:
resource definition:
so we would like to know what is wrong?
ticket looks relevant to #128, but there is no any meaningful answer on what it could be.
The text was updated successfully, but these errors were encountered: