
Handling Errors

When the application is functioning normally, the UI updates the Event Count, Last Fetched, and Current Stream Position fields. The UI does not refresh automatically; use the "Refresh" button in the bottom right of the plugin to load the most recent data.

| Field | Behavior |
| --- | --- |
| Last Fetched | Increments by the configured interval. The timestamp displayed for the last fetch uses the local timezone setting of Splunk. |
| Event Count | Increments when the Mobile Risk API generates events. |
| Current Stream Position | Increments when the Mobile Risk API generates events. |

All Splunk customers can access Splunk’s splunkd.log file. See the Splunk documentation for how to access the log file on both Splunk Enterprise and Splunk Cloud.

Hint: On Splunk Cloud, copy the following into the search bar in the Search & Reporting application:

index=_internal sourcetype=splunkd source="/opt/splunk/var/log/splunk/splunkd.log"

Only Splunk Enterprise customers can download the application’s app.log file directly from the Splunk server. This is because of technical restrictions on what the application can do within a Splunk Cloud instance compared with Splunk Enterprise.

To download the application’s app.log file (Enterprise customers):

  • Click Download Logs on the Manage Connections page when not in edit mode.

To support Splunk Cloud customers, some debugging information displays in the UI when an error occurs while retrieving events. Any exception that the Python script throws during event retrieval for a connection is logged to the connection’s lookout_mra_history record and then appears as an error message in the UI. This may not capture exactly what is happening with the application; in that case, search the splunkd.log file for Lookout-related messages. Additionally, the plugin’s full application log is searchable using Splunk’s Search & Reporting app. This is true for both Splunk Enterprise and Splunk Cloud.

Enter this line into the Search & Reporting application:

index=_internal source="/opt/splunk/var/log/splunk/lookout_mobile_threat_defense_for_splunk.log"

Lookout directs almost all logging to the lookout_mobile_threat_defense_for_splunk.log file located at <SPLUNK_HOME>/var/log/splunk/. The file has been relocated to Splunk’s logging directory so that the log is searchable via the Search & Reporting app.

Messages should appear in Splunk’s main log file, splunkd.log, only if there is an unhandled exception, which should be very rare.