All Apps and Add-ons

How to fix error:ta:ms:loganalytics:log ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))

raja_mta
Explorer

while trying to ingest the logs from log analytics getting below error 

ERROR
pid=40806 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/modinput_wrapper/base_modinput.py", line 127, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/log_analytics.py", line 96, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/input_module_log_analytics.py", line 72, in collect_events response = requests.post(uri,json=search_params,headers=headers) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/api.py", line 110, in post return request('post', url, data=data, json=json, **kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/api.py", line 56, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/sessions.py", line 488, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/sessions.py", line 609, in send r = adapter.send(request, **kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/adapters.py", line 473, in send raise ConnectionError(err, request=request) ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))

 

TA version is 1.0.3

Labels (2)

shivanshu1593
Builder

The error indicates an authentication failure attempt. The API 104 error code is equivalent to HTTP error code 401. Looks like the credentials might be wrong. Could you double check them, put in the fresh ones and try again.

 

##If it helps, kindly consider an upvote/accepting the answer##

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

raja_mta
Explorer

Hi  @shivanshu1593 ,

After changing the application key also getting the same error

2022-05-24 11:09:58,455 ERROR pid=35614 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/modinput_wrapper/base_modinput.py", line 127, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/log_analytics.py", line 96, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/input_module_log_analytics.py", line 72, in collect_events response = requests.post(uri,json=search_params,headers=headers) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/api.py", line 110, in post return request('post', url, data=data, json=json, **kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/api.py", line 56, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/sessions.py", line 488, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/sessions.py", line 609, in send r = adapter.send(request, **kwargs) File "/opt/splunk/etc/apps/TA-ms-loganalytics/bin/ta_ms_loganalytics/requests/adapters.py", line 473, in send raise ConnectionError(err, request=request) ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))

 

@jkat54  Can you help me here.

Tags (1)
0 Karma

shivanshu1593
Builder

For some reason, the entity that you're trying to connect is rejecting the authentication attempt due to invalid credentials (API error code 104 at the last line of the error log indicates the same). The error code also indicates that you're trying to post the data to the endpoint. Does your user have enough privileges to perform the operation? Does the endpoint that you're connecting accept the incoming data or requires the authentication header in a very specific format? The add-on seems to be working as expected as it connects with the endpoint to post the data, its the entity which is rejecting the authentication attempt. 

https://www.reviewboard.org/docs/manual/3.0/webapi/2.0/errors/104-login-failed/#:~:text=Your%20clien....

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma

jkat54
SplunkTrust
SplunkTrust

I agree!  Nicely explained!

0 Karma

raja_mta
Explorer

Still its not working guys. any idea

0 Karma

jkat54
SplunkTrust
SplunkTrust

Which steps did you take to try to fix?  Your reply is too vague for me to help.

0 Karma

raja_mta
Explorer

added the new secret and verified the access on microsoft side but no luck. 

0 Karma

jkat54
SplunkTrust
SplunkTrust

What error message are you getting now?

0 Karma

raja_mta
Explorer

2022-10-31 09:41:14,147 ERROR pid=14783 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/ta_ms_log**bleep**ytics/modinput_wrapper/base_modinput.py", line 127, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/log_**bleep**ytics.py", line 96, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/input_module_log_**bleep**ytics.py", line 72, in collect_events response = requests.post(uri,json=search_params,headers=headers) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/ta_ms_log**bleep**ytics/requests/api.py", line 110, in post return request('post', url, data=data, json=json, **kwargs) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/ta_ms_log**bleep**ytics/requests/api.py", line 56, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/ta_ms_log**bleep**ytics/requests/sessions.py", line 488, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/ta_ms_log**bleep**ytics/requests/sessions.py", line 609, in send r = adapter.send(request, **kwargs) File "/opt/splunk/etc/apps/TA-ms-log**bleep**ytics/bin/ta_ms_log**bleep**ytics/requests/adapters.py", line 473, in send raise ConnectionError(err, request=request) ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...