All Apps and Add-ons

Connection to Loopback Address - Not working with Palo Alto Networks Add-on

willadams
Contributor

I downloaded the Palo Alto Networks Add-on to pull down feeds from the MineMeld Service.  I have configured the Palo Alto TA with the relevant credentials and output node feed URL's as per our configuration.  I have configured proxy settings and can confirm that my instance is attempting a connection.  However I noted that when the Palo Alto TA runs to fetch this, I note on the proxy that the "connectionpool.py" in the "Splunk_TA_paloalto_minemeld_feed.log" is starting new HTTPS requests to the loop back adapter (i.e. 127.0.0.1).

I have other TA's installed that have their own proxy configurations and these tend to work as expected.  Any thoughts on what might be happening here?

"MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\minemeld_feed.py", line 72, in collect_events
input_module.collect_events(self, ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 78, in collect_events
kvs_entries = pull_from_kvstore(helper, name, start, stats)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 45, in inner
ret_val = func(*args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 120, in pull_from_kvstore
parameters={'query': json.dumps({'splunk_source': name})})
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 476, in send_http_request
proxy_uri=self._get_proxy_uri() if use_proxy else None)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\splunk_aoblib\rest_helper.py", line 43, in send_http_request
return self.http_session.request(method, url, **requests_args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 390, in send
conn = self.get_connection(request.url, proxies)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 290, in get_connection
proxy_manager = self.proxy_manager_for(proxy)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 184, in proxy_manager_for
**proxy_kwargs
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 43, in SOCKSProxyManager
raise InvalidSchema("Missing dependencies for SOCKS support.")
InvalidSchema: Missing dependencies for SOCKS support.

DateTimeStamp,039 INFO pid=183272 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,352 INFO pid=154016 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,655 INFO pid=16340 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1

Labels (1)
0 Karma

willadams
Contributor

Anyone come across this?

 

 

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...