All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Elasticsearch Data integrator Stops ingesting logs intermittently to Splunk

keen
Loves-to-Learn Lots
‎07-21-2025 11:55 AM

We are running Elasticsearch Data integrator -modular input to ingest logs from elasticsearch to Splunk. However, the app only works when Splunk is restarted and the app stops working a few minutes later until the next time Splunk is restarted again.

Error message:

ERROR PersistentScript [3778898 PersistentScriptIo] - From {/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/TA_elasticsearch_data_integrator___modular_input_rh_settings.py persistent}: f"Failed to get password of realm={self._realm}, user={user}."

Can you help fix the problem?

 

Labels (2)
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎07-21-2025 12:46 PM

Hi @keen 

Its odd that it would work once but then stop with that error. As far as I know, the settings page within the app only has a single encrypted value which is proxy_password - are you using a proxy with the input?

Are there any other error lines around the one you posted which might provide more information?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

keen
Loves-to-Learn Lots
‎07-28-2025 10:38 AM

No, I am not using proxy however when I set the Time Format, Time_prefix and MAX_TIMESTAMP_LOOKAHEAD it started working.

Thanks for your help.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...