All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ActiveMQ 5.15.4 JMS connectivity with Splunk7.1.2

dimitryz
Path Finder
‎07-26-2018 08:54 AM

Hello,
I'm unable to set up a connection between ActiveMQ 5.15.4 and JMS modular input 1.6.1.

On Splunk restart I got following error :
07-26-2018 18:52:13.488 +0300 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello B', alert_description='handshake failure'.
07-26-2018 18:52:13.488 +0300 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" Error executing modular input : No appropriate protocol (protocol is disabled or cipher suites are inappropriate) : java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.HttpService.send(HttpService.java:326)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.Service.send(Service.java:1203)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.HttpService.get(HttpService.java:115)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.Entity.refresh(Entity.java:375)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.Entity.refresh(Entity.java:24)

I've made some checks :

JAVA_HOME=C:/Java/jdk1.8.0_121

C:\Program Files\Splunk\etc\apps\jms_ta\bin>python jms.py --scheme doesn't contains any errors.

Any attempt to create or update JMS Messaging input ( I have few from previous version)
end with errror :
Encountered the following error while trying to update: Argument validation for scheme=jms failed: The script returned with exit status 2.

Can anyone advise me on what is wrong ? Thank you!

0 Karma
Reply

dimitryz
Path Finder
‎08-15-2018 07:39 AM

Hello ,
After changing jars in \jms_ta\bin\lib folder for this list :

"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\jmsmodinput.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\splunk_tlsv12.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\jms.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\log4j-1.2.16.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-web-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-console-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-spring-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-kahadb-store-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-broker-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-jaas-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-openwire-legacy-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-client-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-protobuf-1.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\jcl-over-slf4j-1.7.25.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\slf4j-api-1.7.25.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\slf4j-log4j12-1.7.25.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\geronimo-jta_1.0.1B_spec-1.0.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\geronimo-j2ee-management_1.1_spec-1.0.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\geronimo-jms_1.1_spec-1.1.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\hawtbuf-1.11.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\splunk.jar"

I was able to get rid of the error .
However I still having problems :
Messages are taken only during restart or when I disable/enable the input.

And following error is thrown :

ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" It has been determined via the REST API that all inputs have been disabled

ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" Can't connect to Splunk REST API with the token [Splunk kCmdvKWBwD3pb5A7wfxaWZfqiFVTUl7AyDnrmLRHjbfzvwDueqNXjG6mfJIXLOual5usKoz0yDGwhze5Sw0^^n6vEYSOOCz0FMhnPmdhjDct8vMUBo], either the token is invalid or SplunkD has exited : No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

0 Karma
Reply

dimitryz
Path Finder
‎08-28-2018 05:52 AM

I've ended up using JMS modular input 1.5.1

No errors.All messages are taken on schedule

Best regards

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎07-26-2018 04:12 PM

What version of Splunk are you using ? What are your Splunk SSL settings ? the error isn't to do with the calls to ActiveMQ , it is internal callbacks to Splunk's REST API.

0 Karma
Reply

dimitryz
Path Finder
‎07-28-2018 06:48 AM

Hi Damien ,
I'm using Splunk 7.1.2 with default ssl settings :

web.conf

[settings]
enableSplunkWebSSL = 1

servers.conf

[general]
serverName = AAAAAAAA
pass4SymmKey = BBBBBB

[sslConfig]
sslPassword = CCCCCCCC

[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
quota = MAX
slaves = *
stack_id = download-trial

[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder

[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free

[lmpool:auto_generated_pool_enterprise]
description = auto_generated_pool_enterprise
quota = MAX
slaves = *
stack_id = enterprise

[license]
active_group = Enterprise

[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
useSplunkdClientSSLCompression = true

enableSplunkSearchSSL has been moved to web.conf/[settings]/enableSplunkWebSSL

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...