All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cannot update Qualys API credentials

martin_mueller
SplunkTrust
SplunkTrust
‎01-15-2018 02:24 AM

When first entering a set of user/password credentials into the Qualys TA setup page, everything works as expected.
Once the credentials expire in the API and I attempt to update the password in the setup page, I get this error:

Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-QualysCloudPlatform/storage/passwords/

Looking at the _internal index, I can see the POST fail with a 409 status code, Conflict.

127.0.0.1 - admin [15/Jan/2018:10:28:25.948 +0100] "POST /servicesNS/nobody/TA-QualysCloudPlatform/apps/local/TA-QualysCloudPlatform/setup HTTP/1.0" 409 205 - - - 12675ms

Storing the password for a different user works and re-inserting the original user works after deleting passwords.conf, so it appears the setup page can only insert, not update a value.

Happens on various versions of Splunk including 7.0, using the latest version 1.2.3 of the Qualys TA.

Please fix updating the API user's password via the setup page.

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-01-2018 03:15 PM

Here's the response I got from Qualys support:

In order to update the changes successfully into the Qualys TA for Splunk, please follow the below steps:

1)From Settings> Data Inputs disable the TA Inputs
2)Delete passwords.conf file.
3)Reboot the splunk instance.
4)Go to TA config in Splunk UI and give the credentials again.
5)Check if the passwords.conf file created
6)Enable TA inputs from data Inputs

Perpetual workaround, it seems 😞

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎01-16-2018 02:56 AM

Thanks for letting me know that we're not alone 😄

My gut feeling says it's a problem with using the setup.xml to update credentials, it always forces a POST to the storage/passwords/_new entity, which is a create/insert... that fails when the key (=username) already exists.

0 Karma
Reply

paulbannister
Communicator
‎01-16-2018 02:40 AM

Hi There,

We had the same issue with updating our credentials on our cloud instance and to get Splunk Support to assist, apparently it is a know issue but what we did was exactly what you did.... delete the passwords.conf to allow the new credentials to take, an absolute pain as it left us without data for a few days

Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...