All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Domain Tools for Splunk App not working properly

harshsri21
New Member
‎07-12-2017 07:55 AM

Hi,

We are encountering the below error while accessing the Domain Tools for Splunk App on each dashboard.

"External search command 'domaintools' returned error code 1. Script output = "ERROR An unknown error occurred: Could not get TA-domaintools credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/TA-domaintools/admin/passwords "

While we cannot access this tool with FAAS SAML authentication for accounts with not admin privileges, but can successfully access it via local admin accounts.
So is it something that somewhere credentials have been broken for this app or is there a role that can be mapped to the users to access it.

Kindly help in understanding and resolving this.

0 Karma
Reply

markkendrick
Path Finder
‎07-12-2017 05:08 PM

HI - thanks for trying out our app. Here's the details on how to solve this from the readme file in our TA:

"Much of this app functionality requires the user to have the "list_storage_passwords" capability in Splunk. If the user(s) who will be using this app do not have that capability, there is an added "domaintools_user" role included with the app. Add this role to the user(s) and they will be able to use this app. This capability will allow users to decrypt passwords stored by apps, though, so make sure you are okay with that."

The reason for that is because our app uses Splunk's built in credential store. There are some downsides to using that, and this is one of them, so we are building a new version of the app that will use a more direct method that is still secure. You should see that in Splunk Base within the next week, but if you want it sooner, message me directly and we'll get it to you.

Were you able to get the bulk Whois and Reputation Score enrichment working on your proxy logs?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...