All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DB Connect 2: DBoutput tests OK, but why does the scheduled output fail to insert search results in the database with an "Unauthorized" error in dbx2.log?

jkleensang
Path Finder
‎02-03-2016 01:13 PM

Fresh install of DB Connect 2 (2.1.2) on Splunk Enterprise search head (6.3.1). We've been able to configure a Connection, Identity, and an Output and everything tests fine. However, the scheduled db output fails to insert the search results in to the database. The only error is in the dbx2.log:

02/03/2016 15:00:02 [CRITICAL] [mi_output.py] HTTP Error 401: Unauthorized

I can't find any denials in audittrail. No related errors show up in any of the internal indexes. From what I can tell, the dboutput runs as "admin", which has all perms. None of the app permissions have been changed from their default(s).

Has anyone seen this before? I feel there's something obvious I'm missing....

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkleensang
Path Finder
‎05-13-2016 07:14 AM

This issue seems to be resolved. I had upgraded sa-ldapsearch to 2.1.3, but that didn't fix the problem. Then I upgraded splunk to 6.4.0 and didn't think it had resolved the issue, but didn't realize that the scheduled search using this connection had been disabled. When I got back around to troubleshooting this issue, I re-enabled it and everything now works as expected. Not an answer, but at least resolution!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jkleensang
Path Finder
‎05-13-2016 07:14 AM

This issue seems to be resolved. I had upgraded sa-ldapsearch to 2.1.3, but that didn't fix the problem. Then I upgraded splunk to 6.4.0 and didn't think it had resolved the issue, but didn't realize that the scheduled search using this connection had been disabled. When I got back around to troubleshooting this issue, I re-enabled it and everything now works as expected. Not an answer, but at least resolution!

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...