IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Not a JSON Array, timestamps in the payloads weeks old

  • 1.  Not a JSON Array, timestamps in the payloads weeks old

    Posted Tue August 17, 2021 02:56 PM

    I have constructed an xml workflow for NS1 DNS. I am getting logs in json format. However, the timestamps in the payloads (in epoch time) do not even come close to the Start time of the event in QRadar. We have confirmed with the end users that the time in the payload is correct and not the Start time in QRadar.

    I am following this for troubleshooting:

    https://www.ibm.com/docs/en/dsm?topic=protocol-command-line-testing-tool

    As we are using version 1, I have properly configured my command and am getting this output:

    [rootSupport Member]# java -cp "/opt/ibm/si/services/ecs-ec-ingress/current/bin/*:/opt/ibm/si/services/ecs-ec-ingress/eventgnosis/lib/q1labs/*" com.q1labs.semsources.sources.universalcloudrestapi.UniversalCloudRESTAPITest -wp Default-Workflow-Parameter-Values.xml -w qroc1.xml

    SLF4J: Class path contains multiple SLF4J bindings.

    SLF4J: Found binding in [jar:file:/opt/ibm/si/services/ecs-ec-ingress/2020.7.3.20210323172312/bin/slf4j-log4j12-1.7.13.jar!/org/slf4j/impl/StaticLoggerBinder.class]

    SLF4J: Found binding in [jar:file:/opt/ibm/si/services/ecs-ec-ingress/2020.7.3.20210323172312/bin/slf4j-simple-1.7.6.jar!/org/slf4j/impl/StaticLoggerBinder.class]

    SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.

    SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]

    2021-08-13 16:22:39 [INFO ][UniversalCloudRESTAPITest] Status changed to ERROR: Not a JSON Array: "<!doctype html>\n <html>\n <head>\n <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF8\">\n <title>NS1 | Customer Portal</title>\n <meta name=\"google\" content=\"notranslate\" />\n <script src=\"/cdn-cgi/apps/head/BGkBeDlUJpHx3swQRyf58HOAico.js\"></script><link rel=\"shortcut icon\" type=\"image/ico\" href=\"assets/favicon.ico\">\n <link href='//fonts.googleapis.com/css?family=Montserrat:200,300,400,500,600|Open+Sans:300,600&amp;subset=latin' rel='stylesheet' type='text/css'>\n <link href=\"static/iconfont.css?v=<%= timestamp %>\" rel=\"stylesheet\" />\n </head>\n <body>\n\n <div id=\"app-body\"></div>\n <div id=\"error-modal\"></div>\n\n <script id=\"ga-script-holder\"></script>\n\n <script>\n (function(apiKey){\n (function(p,e,n,d,o){var v,w,x,y,z;o=p[d]=p[d]||{};o._q=o._q||[];\n v=['initialize','identify','updateOptions','pageLoad','track'];for(w=0,x=v.length;w<x;++w)(function(m){\n o[m]=o[m]||function(){o._q[m===v[0]?'unshift':'push']([m].concat([].slice.call(arguments,0)));};})(v[w]);\n y=e.createElement(n);y.async=!0;y.src='https://cdn.pendo.io/agent/static/'+apiKey+'/pendo.js';\n z=e.getElementsByTagName(n)[0];z.parentNode.insertBefore(y,z);})(window,document,'script','pendo');\n })('b2a55387-12c8-45ac-755d-dfc64dd9a22e');\n </script>\n <script src=\"ns1.js?v=1628794125638\"></script>\n <script>\n new NS1();\n </script>\n </body>\n </html>"



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Not a JSON Array, timestamps in the payloads weeks old



Related Content