All Apps and Add-ons
Highlighted

DUO Splunk Connector: Error "Validation for scheme=duo failed: The script returned with exit status 1" while trying to set up Modular Input for DUO logs

Splunk Employee
Splunk Employee

When attempting to fill out the inputs for DUO logs in the UI, we get the following cryptic error...

Encountered the following error while trying to save: Splunkd daemon is not responding: ("Error connecting to /servicesNS/emcdaniel/duo_splunkapp/data/inputs/duo_input: ('The read operation timed out',)",)

We also saw the following in splunkd logs

07-20-2016 18:45:36.396 -0400 WARN  ModularInputs - Validation for scheme=duo failed: The script returned with exit status 1.

Anyone have any idea what is happening here?

0 Karma
Highlighted

Re: DUO Splunk Connector: Error "Validation for scheme=duo failed: The script returned with exit status 1" while trying to set up Modular Input for DUO logs

Splunk Employee
Splunk Employee

Just wanted to answer my own question here since we were able to figure out what was going on here.

  1. You populate your DUO information in the Modular Inputs section of Splunk Web
  2. You click next/continue to save your Modular Inputs config
  3. Behind the scenes Splunk asks the Mod Input to validate that your input settings, and it does so by calling the main DUO python script in validation mode
  4. For the DUO input, the validation of your settings consists of attempting to connect to the DUO web servers with your provided credentials
  5. Splunk Mod Inputs framework expects the validate function to return in under 3 seconds (as of 6.5.x) and once it takes longer than that, splunk forcibly terminates the python script and returns a cryptic error to the UI
  6. Since validation failed, your inputs.conf file is never created

If you figure this out, or you just give up and create your inputs.conf file manually, everything works fine because the validation workflow above only occurs when building out your modular inputs from the UI. The 3 second timeout only applies to validation of your inputs when building the input config. The timeout for the script when actually fetching the data (if one exists at all) is sufficiently long enough to fetch the data.

View solution in original post

Highlighted

Re: DUO Splunk Connector: Error "Validation for scheme=duo failed: The script returned with exit status 1" while trying to set up Modular Input for DUO logs

Motivator

I'm having this same problem. I can see that ~/etc/apps/duosplunkapp/default/inputs.conf has fields for ikey, skey and apihost, but where does the name (requested in the Duo Splunk Input setup screen) go?

Highlighted

Re: DUO Splunk Connector: Error "Validation for scheme=duo failed: The script returned with exit status 1" while trying to set up Modular Input for DUO logs

Explorer

Did you ever figured that out?

0 Karma
Highlighted

Re: DUO Splunk Connector: Error "Validation for scheme=duo failed: The script returned with exit status 1" while trying to set up Modular Input for DUO logs

Motivator

No, I never did. A co-worker wrote a custom app and we chucked this one

0 Karma
Highlighted

Re: DUO Splunk Connector: Error "Validation for scheme=duo failed: The script returned with exit status 1" while trying to set up Modular Input for DUO logs

Explorer

Oh, man... I'm trying everything I can, but no success so far. Very frustrating.

Thanks for the quick response!

0 Karma