
Add-on Builder Certificate Location

LH_Splunker
Explorer

Hey everyone, 

I currently have a use case for which I set up a Splunk Enterprise environment in an Ubuntu VM (VMware) and want to build an app with the Add-on Builder, which uses a Python Script as Input Method to make an API-Call to get my data into Splunk. That's the goal at least.  

The VM communicates with the Internet just fine (even if via proxy) and my python script gets the data from the API-Endpoint.

However, if I try to enter the proxy credentials from my VM into the Configuration of the Add-on Builder I get the following Error: "There was a problem connecting to the App Certification service. The service might not be available at this time, or you might need to verify your proxy settings and try again." 

Now, assuming that I did not mess up the proxy credentials, my next best bet would be that I need to give my Splunk environment a certificate to adequately communicate with the proxy. So we finally reach my question: 

Where would I need to place such a certificate file in the directory structure, so that the Splunk add-on app can find it?

0 Karma

deepakc
Builder

I don’t think this is a cert issue. If you use the AOB, it tries to validate your app for being certified for the online certificate validation service, basically being given a stamp of approval, and needs the below:

"Enter the login settings for your Splunk.com account. This information is required for the app precertification process"

You normally get this via your sales process. 

For the proxy part, it could be incorrect credentials

I don’t think it’s a cert issue but could be wrong.  

There is a section on the AOB for where self-signed certs should go, but I think this is a red herring.

https://docs.splunk.com/Documentation/AddonBuilder/4.1.4/UserGuide/ConfigureDataCollection

LH_Splunker
Explorer

Hi deepakc, 

 

thanks for the quick reply. 

The thing is, I have only started to build the app but never finished it. So now it shows up as a 'husk' of an app so to speak and has no data collection finished yet. 

However, you were right that the error I've seen has something to do with the validation process. And I'm now trying to make heads or tails of the _internal logs as suggested by Splunk (which read, for example, that the props.conf file of the new app is missing, which indeed it is because I haven't finished setting it up yet).

I will update on potential findings, once I've combed through the logs and tried to remedy the missing files. 

0 Karma

LH_Splunker
Explorer

Hi deepakc and all, 

Took a while, but I finally got around to solving this, even if in a far from elegant way.

The error message appears to indeed belong to the certification process of AOB like deepakc mentioned. It's sort of a check if your app uses the best-practices or has risks etc. However, this is unlikely to have been the cause for why I wasn't able to get my data, despite my instance being able to connect to the internet. 

However, there is one simple workaround: 

--> Simply set the "verify" parameter in your http-request to "false".

E.g: 


response = helper.send_http_request("<your api link here>", "GET", parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=None, use_proxy=True)

It's a slightly ugly solution, but for test purposes it does the job and I was finally able to receive the data from my API-Point.

This is probably not advisable for productive systems or security reasons, though.

Thanks for the helpful input though and everyone else have fun while splunking! 
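An added example, not part of the original posts or of Splunk's tooling: since the verify=False workaround above is described as test-only, a small static check can flag any input script that still disables TLS verification before the add-on is packaged. The sample script and its URLs are constructed; only the send_http_request call shape is taken from the post.

```python
import ast

# Constructed sample of an input script; the URLs are placeholders.
SAMPLE_INPUT = '''
def collect_events(helper, ew):
    headers = {"Accept": "application/json"}
    r1 = helper.send_http_request("https://api.example.invalid/v1", "GET",
                                  headers=headers, verify=False, use_proxy=True)
    r2 = helper.send_http_request("https://api.example.invalid/v2", "GET",
                                  headers=headers, verify=True, use_proxy=True)
    opts = {"verify": False}
    r3 = helper.send_http_request("https://api.example.invalid/v3", "GET", **opts)
'''


def _is_false(node):
    """True only for the literal False (not 0, None or a variable)."""
    return isinstance(node, ast.Constant) and node.value is False


def _call_name(func):
    """'send_http_request' for helper.send_http_request(...), 'get' for requests.get(...)."""
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else "<dynamic call>"


def find_disabled_tls_verification(source):
    """Return sorted (line, where) pairs for each place TLS verification is switched off."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            # Direct keyword: any_call(..., verify=False)
            if any(kw.arg == "verify" and _is_false(kw.value) for kw in node.keywords):
                findings.append((node.lineno, _call_name(node.func)))
        elif isinstance(node, ast.Dict):
            # Options dict later splatted into a call: {"verify": False}
            for key, value in zip(node.keys, node.values):
                if isinstance(key, ast.Constant) and key.value == "verify" and _is_false(value):
                    findings.append((node.lineno, "dict literal"))
    return sorted(findings)


if __name__ == "__main__":
    for line, where in find_disabled_tls_verification(SAMPLE_INPUT):
        print(f"line {line}: TLS verification disabled in {where}")
```

The check only recognises the literal False, so a value passed through a variable or configuration setting still needs manual review.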
