Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Palo Alto Networks App for Splunk: Why am I gettin...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using Splunk 6.3.1 and SplunkforPaloAltoNetworks 5.0 trying to add WildFire API Key via UI. Is there a way to just add this via config or CLI?
Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/SplunkforPaloAltoNetworks/storage/passwords/
If i leave the WildFire API Key blank it says "Successfully updated "SplunkforPaloAltoNetworks"."
Contents of splunk/etc/apps/SplunkforPaloAltoNetworks/local/app.conf
[install]
state = enabled
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi kmanson. Usually that error means the wildfire api key is already set. Starting in Splunk 6.3.0 the credentials and api key are now stored in local/passwords.conf instead of local/app.conf. Try deleting the passwords.conf file (or remove the wildfire api key from it), then restart Splunk. That should clear it out so you can try to add the API key again in the app configuration screen.
For example:
rm $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/passwords.conf
$SPLUNK_HOME/bin/splunk restart
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi kmanson. Usually that error means the wildfire api key is already set. Starting in Splunk 6.3.0 the credentials and api key are now stored in local/passwords.conf instead of local/app.conf. Try deleting the passwords.conf file (or remove the wildfire api key from it), then restart Splunk. That should clear it out so you can try to add the API key again in the app configuration screen.
For example:
rm $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/passwords.conf
$SPLUNK_HOME/bin/splunk restart
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
