All Apps and Add-ons

Getting error while trying to get elastic search data in Splunk

AKG1_old1
Builder

Hello,

we are trying to get elastic search data in Splunk.

Apps we are using:
https://splunkbase.splunk.com/app/4175/

we are getting following errors

10-29-2019 12:46:32.869 +0100 ERROR ExecProcessor - message from "python /hp737srv2/apps/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" AttributeError: 'NoneType' object has no attribute 'strip'

Configuration (inputs.conf):

[elasticsearch_json://test1]
date_field_name = timestamp
elasticsearch_indice = *
elasticsearch_instance_url = http://hp707srv:10000
index = mlc_test
interval = 60
lower_or_equal = now
use_ssl = 0
port = 10000
disabled = 0

We are using same URL in Grafana and its working fine.

Thanks

0 Karma
1 Solution

gaurav_maniar
Builder

Hi,

Please share more error logs from the app.

The error message in not related to any URL, it is just python error on null variable value.
By investigating further, I'm able track it back to some CA certificate path related values are null.

opt_ca_certs_path = helper.get_arg('ca_certs_path')
opt_ca_certs_path = opt_ca_certs_path.strip()

If you are aware any configuration related to CA Certificates, that might solve your issue.
Otherwise please share some more error logs.

View solution in original post

0 Karma

gaurav_maniar
Builder

Hi,

Please share more error logs from the app.

The error message in not related to any URL, it is just python error on null variable value.
By investigating further, I'm able track it back to some CA certificate path related values are null.

opt_ca_certs_path = helper.get_arg('ca_certs_path')
opt_ca_certs_path = opt_ca_certs_path.strip()

If you are aware any configuration related to CA Certificates, that might solve your issue.
Otherwise please share some more error logs.

0 Karma

gaurav_maniar
Builder

Hi,

Similar issue has been resolved on following question,
https://answers.splunk.com/answers/780074/how-to-configure-the-elasticsearch-data-integrator.html#an...

Accept and upvote the answer if it helps.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...