All Apps and Add-ons

Kafka connector: Is it possible to get data from kafka into splunk saas?

silviu3009
Loves-to-Learn Lots

Hello, it is possible to get data from kafka into splunk saas?

Labels (1)
0 Karma

silviu3009
Loves-to-Learn Lots

X509 certificate (CN=splunkbase.splunk.com,O=Splunk Inc.,L=San Francisco,ST=California,C=US) common name (splunkbase.splunk.com) did not match any allowed names (apps.splunk.com,cdn.apps.splunk.com) 

0 Karma

silviu3009
Loves-to-Learn Lots

if I use curl ignoring the certificate, it work; if I try to use kafka connect, not work. I imported certificate, create keystore, trying to use it when I create the connector, but not success till now

 

0 Karma

silviu3009
Loves-to-Learn Lots

in kafka connect I keep getting this kind of error -> ERROR [Consumer clientId=consumer-11, groupId=connect-kafka-connect-splunk] Connection to node -2 failed authentication due to: Authentication failed, invalid credentials (org.apache.kafka.clients.NetworkClient:663); I did created and another token, nothing changed

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust
0 Karma

silviu3009
Loves-to-Learn Lots

yes, but I did not found  a way to connect the connector to cloud splunk HEC using https - I get authentication failure all the time 😞

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

That sounds issue with either HEC or the configuration on Kafka side for sending data to HEC.

Please look at the Splunk logs, and Kafka configuration once.

0 Karma

silviu3009
Loves-to-Learn Lots

I think is a certificate issue. On Splunk Cloud I see that HEC it have by default SSL enabled.

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust
I hope your issue got resolved.
Please check with Splunk support once about the certificate.
If you have error logs or something please post them.
0 Karma

silviu3009
Loves-to-Learn Lots

This is one error that I can see on splunk cloud side ->received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA' . The other is about the certificate not match the server name...

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

Sounds more like an issue with setting up an SSL certificate. Can you please check with the Splunk cloud team?

Generally, this is where the configuration has to be placed: inputs.conf

[http]
disabled = 0
index = main
enableSSL = 1
serverCert = <full path to your certificate chain pem file>
sslPassword = <password for server key used in chain>

 

0 Karma

silviu3009
Loves-to-Learn Lots

yeah,  but that is for server that you manage; not sure if any support is offered for free instances. cause I think this is the solution - to create my certificate and support to import it on saas instance. Not understand why HEC is default created with SSL, cause that prevent to use it since certificate is not there...

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust
In the global HEC settings, you should see the SSL setting as well.
0 Karma

silviu3009
Loves-to-Learn Lots

Yes, is there, checked and grey out. I cannot uncheck. So , I cannot remove SSL from the HEC

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...