Akamai Siem Integration App "call not properly authenticated"

jjobar
New Member

Hi,

I have installed the Akamai Siem App on a Heavy Forwarder and did some initial testing, and besides not having proper authentication at the Akamai side, the app was working and sending data to my indexers.

After they changed something at our user level and asked us to retry, I keep getting the following error messages and I can't find the root cause of them:


12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : HTTP 401 -- call not properly authenticated, Exception : com.splunk.HttpException: HTTP 401 -- call not properly authenticated
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpException.create(HttpException.java:84)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:500)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:455)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48)
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116)
12-22-2020 12:30:28.303 +0100 INFO ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, end streamEvents
12-22-2020 12:30:28.303 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" javax.xml.stream.XMLStreamException: No element was found to write: java.lang.ArrayIndexOutOfBoundsException: -1

I'm running openjdk version "1.8.0_265", which initially worked fine, and I'm using the latest version of the Akamai Siem app, which is 1.4.8. Splunk version is 7.3.4 and should be fine.

Anybody have some clues for this?

Regards
