Filebeat threatintel module error

Hello,

I am trying the new threat intel module, I am having an error in the otx

2021-07-09T16:33:12.322+0200	ERROR	[input.httpjson-cursor.retryablehttp]	go-retryablehttp@v0.6.6/client.go:553	request failed%!(EXTRA string=error, *url.Error=Get "": unsupported protocol scheme "", string=method, string=GET, string=url, *url.URL=)	{"input_source": "https://otx.alienvault.com/api/v1/indicators/export", "input_url": "https://otx.alienvault.com/api/v1/indicators/export"}
2021-07-09T16:33:12.322+0200	ERROR	[input.httpjson-cursor]	v2/request.go:186	error processing response: failed to execute http client.Do: Get "": Get "": unsupported protocol scheme ""	{"input_source": "https://otx.alienvault.com/api/v1/indicators/export", "input_url": "https://otx.alienvault.com/api/v1/indicators/export"}

I didn't change anything in the configuration, I just added my api_token, so my configuration looks like that:

  otx:
    enabled: true

    # Input used for ingesting threat intel data
    var.input: httpjson

    # The URL used for OTX Threat Intel API calls.
    var.url: https://otx.alienvault.com/api/v1/indicators/export

    # The authentication token used to contact the OTX API, can be found on the OTX UI.
    var.api_token: MY_API_TOKEN

    # Optional filters that can be applied to retrieve only specific indicators.
    #var.types: "domain,IPv4,hostname,url,FileHash-SHA256"

    # The timeout of the HTTP client connecting to the OTX API
    #var.http_client_timeout: 120s

    # How many hours to look back for each request, should be close to the configured interval. Deduplication of events is handled by the module.
    var.lookback_range: 1h

    # How far back to look once the beat starts up for the first time, the value has to be in hours.
    var.first_interval: 400h

    # The interval to poll the API for updates
    var.interval: 5m

Any hep please!
Best regards

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.