All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ODBC Driver and Splunk 4.3.3 - anybody able to make it work?

capnjosh
Explorer
‎02-23-2015 09:30 PM

Does the Splunk ODBC driver work when pointed at a Splunk 4.3.3 server? I'm hoping there is a trick to make it work.

I've gone through the various troubleshooting steps to outlined below to get the ODBC driver to connect to Splunk Enterprise 4.3.3 from Tableau 8.3:

Made sure the port was 8089 and that there were no firewalls preventing access (tested with telnet and actually browsing to it)

Made sure to use https in the connection string

Tested with both the 64-bit and 32-bit ODBC drivers.

configured the ODBC system DSN to point at the correct URL and use valid username/password (admin-level even).

Confirmed the URL and creds used in the SSH can actually log in (browsing to the URL and logging in)

Looked at Splunkd logs and I see the following:
A new Splunk Connection always results in "Invalid username or password". However, on the Splunk machine in audit.log I can see "user=mytestuser, action=login attempt, info=succeeded][n/a]". And I can confirm functionality by intentionally submitting an incorrect password, noting the audit.log showed "user=mytestuser, action=login attempt, info=failed][n/a]".

Tags (2)
0 Karma
Reply

capnjosh
Explorer
‎02-24-2015 12:34 PM

I've confirmed I can connect as expected to a trial Splunk 6.2.1 instance (and query it) from the same client that is exhibiting problems when connecting to a Splunk 4.3.3 instance (always throwing "invalid username/password" error).

I've made sure the permissions look the same in both instances.

I've seen the browsing path is the same on both instances when browsing on port 8089 with a web browser (the links are all the same and I can see saved searches on the 4.3.3 instance just like I can see them on the 6.2.1 instance).

0 Karma
Reply

capnjosh
Explorer
‎02-25-2015 07:03 PM

Some progress, and possibly some answers. But I'm not sure if I'm at a dead end yet.

I created a few VMs and installed Splunk 4.3.3, 4.3.4, 4.3.7, 5.0, and 6.2.1. Then I tried out connecting to each one with Tableau 8.3.

Here's the kicker:
When Tableau 8.3 connects to Splunk to list the "tables" (saved searches) it calls this URL:

https://sp437:8089/servicesNS/admin/-/saved/searches?f=eai%3Aacl&search=disabled%3DFalse&sort_dir=as...

In Splunk versions 5.x+ it's happy. In Splunk versions prior to 5.0 it throws an error with this: 

In handler 'savedsearch': Argument "output_mode" is not supported by this handler.

The problem is specifically with the "output_mode=json" part. Splunk 5.0+ handles it while earlier versions are not.

I saw some mention in other places that seemed to indicate installing the "xml2json" may fix it. However, just blandly doing so didn't do it for me.

Soo.... the problem is now specifically that I need to get the ?output_mode=json bit to work on Splunk 4.x. Has anyone done that?

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎03-03-2015 09:09 PM

Ahem.... Splunk 4.x is out of maintenance/support for almost two years now and the ODBC driver is a tad bit younger than that, so I would suspect your effort may be futile.
May I ask what is preventing you to upgrade your 4.x deployment to something a bit more current?
You'll probably save yourself a lot of headache.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top