All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: ERROR Akamai SIEM Integration with Splunk
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to fix ERROR Akamai SIEM Integration with Splunk?
James_ACN
Loves-to-Learn Everything
10-27-2021
01:49 PM
Hi All,
I'm trying to integrate Akami logs with Splunk through siem-integrator, but I'm having problems.
I've already installed Java (JRE), JDK too, but it still has errors as shown in splunkd.log.
I'm using the addon:
https://splunkbase.splunk.com/app/4310/
Has anyone in the community already been through this, or do they have an idea of what it could be?
Splunk Enterprise Version:8.2.2
Akamai-siem-splunk-connector: 1.4.9
java version "1.8.0_311"
Java(TM) SE Runtime Environment (build 1.8.0_311-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode)
splunkd.log
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : Connection refused (Connection refused), Exception : java.lang.RuntimeException: Connection refused (Connection refused)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:462)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:449)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116)
10-27-2021 17:30:34.711 -0300 ERROR ExecProcessor [24326 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Caused by: java.net.ConnectException: Connection refused (Connection refused)
Thank you very much.
James \°/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Karthikeya
Communicator
a month ago
@James_ACN @javo_dlg @deepdiver @tofa please help me on the similar issue - https://community.splunk.com/t5/Getting-Data-In/Akamai-add-on-logs-are-not-populating/m-p/743241#M11...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Karthikeya
Communicator
a month ago
@James_ACN @javo_dlg @deepdiver @tofa anyone please help on this similar issue - https://community.splunk.com/t5/Getting-Data-In/Akamai-add-on-logs-are-not-populating/m-p/743241#M11...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
javo_dlg
Observer
08-19-2022
07:18 AM
Hello James,
What I did was to install the application and then create a Data Inputs with the credentials Akamai provides, like token, secret and the client URL, then the generated inputs file, was added to the add-on under the local directory and added the index and sourcetype parameters.
Cheers,
+Javo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
deepdiver
Loves-to-Learn Everything
09-14-2022
07:16 AM
Hi javo_dig,
Not having any luck with this Akamai SIEM Integration app. It spits out;
ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" javax.xml.stream.XMLStreamException: No element was found to write: java.lang.ArrayIndexOutOfBoundsException: -1
How did you manage to make this app work? I have it on a Deployer for the SHC btw. the only don't find any inputs, only the Data Inputs I find is the Akamai SIEM API which I configured properly to the Akamai Control dashboard. Can you provide detailed steps please?
Mike
aka deepdiver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
javo_dlg
Observer
11-22-2022
01:57 PM
I have installed the application on a Heavy Forwarder, configured the initial credentials thru the data input process, and whenever need to update the credentials i do it on the command line, haven't had any java errors like that.
Probably try to install the app on the HF besides the SHC?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
James_ACN
Loves-to-Learn Everything
11-09-2021
04:55 AM
Hi All!
I still haven't been able to solve this problem.
Does anyone have any outline suggestions?
Thanks!
James \°/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tofa
Explorer
11-10-2021
03:57 AM
Hi James,
From the logs, it looks like a networking issue (either from firewall blocking the connection or some other network conditions causing it).
Did you check that you have connectivity to Akamai from your Splunk box?
Cheers!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
James_ACN
Loves-to-Learn Everything
11-10-2021
01:36 PM
Hi @tofa
Yes I checked these possibilities, whether the local Linux firewall and the network firewall or AWS Firewall and telnet tests returns connected and there are no firewalls blocking.
Thanks
James \°/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Karthikeya
Communicator
02-28-2025
05:31 AM
did you solved this @James_ACN if yes please guide me how to on-board Akamai logs to Splunk?
Get Updates on the Splunk Community!
Detecting Brute Force Account Takeover Fraud with Splunk
This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...
Buttercup Games: Further Dashboarding Techniques (Part 9)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Buttercup Games: Further Dashboarding Techniques (Part 8)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
