
Problem getting the TA OMS inputs working version 1.3

robtun1
Explorer

Hi

I can't seem to get the modular inputs for OMS to work - I'm not receiving any data.

I've made the update for the bug for the new version of the query language.

I'm getting the following error.

07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" Traceback (most recent call last):
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/modinput_wrapper/base_modinput.py", line 127, in stream_events
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" self.collect_events(ew)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py", line 96, in collect_events
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" input_module.collect_events(self, ew)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/input_module_oms_inputs.py", line 51, in collect_events
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" token_response = context.acquire_token_with_client_credentials('https://management.core.windows.net/', application_id, application_key)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/authentication_context.py", line 160, in acquire_token_with_client_credentials
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return self._acquire_token(token_func)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/authentication_context.py", line 109, in _acquire_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return token_func(self)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/authentication_context.py", line 158, in token_func
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return token_request.get_token_with_client_credentials(client_secret)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/token_request.py", line 316, in get_token_with_client_credentials
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" token = self._oauth_get_token(oauth_parameters)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/token_request.py", line 113, in _oauth_get_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return client.get_token(oauth_parameters)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/oauth2_client.py", line 262, in get_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" verify=self._call_context.get('verify_ssl', None))
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/api.py", line 110, in post
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return request('post', url, data=data, json=json, **kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/api.py", line 56, in request
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return session.request(method=method, url=url, **kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/sessions.py", line 488, in request
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" resp = self.send(prep, **send_kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/sessions.py", line 609, in send
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" r = adapter.send(request, **kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/adapters.py", line 487, in send
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" raise ConnectionError(e, request=request)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7007305e-2664-4e6b-b9a4-c4d5ccfd1524/oauth2/token?api-version=1.0 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))
07-26-2018 12:03:17.975 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" ERRORHTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7007305e-2664-4e6b-b9a4-c4d5ccfd1524/oauth2/token?api-version=1.0 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))
07-26-2018 12:03:18.814 +0800 ERROR ClusteringMgr - VerifyMultisiteConfig failed Error=failed method=GET path=/services/cluster/master/info/?output_mode=json master=10.xxx.xxx.xxx:8089 rv=0 gotConnectionError=1 gotUnexpectedStatusCode=0 actual_response_code=502 expected_response_code=2xx status_line="Error connecting: Connection refused" socket_error="Connection refused" remote_error=

@jkat54

0 Karma
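An added triage sketch for a log like the one above (not part of the original post or of the TA-OMS_Inputs add-on): it collapses the per-line ExecProcessor traceback into its terminal exception with the host it was connecting to, and reports other ERROR components such as ClusteringMgr separately. The function name `triage` is hypothetical and the sample lines are constructed from the shape of the quoted log, with the tenant GUID replaced by a placeholder.

```python
import re

# Constructed sample in the splunkd.log shape quoted in the post; the tenant
# GUID is replaced by a placeholder and most traceback frames are omitted.
PFX = '07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" '
SAMPLE = "\n".join([
    PFX + "Traceback (most recent call last):",
    PFX + "raise ConnectionError(e, request=request)",
    PFX + "ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): "
          "Max retries exceeded with url: /<tenant-id>/oauth2/token?api-version=1.0 (Caused by "
          "NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))",
    '07-26-2018 12:03:18.814 +0800 ERROR ClusteringMgr - VerifyMultisiteConfig failed Error=failed method=GET '
    'master=10.xxx.xxx.xxx:8089 gotConnectionError=1 socket_error="Connection refused" remote_error=',
])

LINE = re.compile(r'^\S+ \S+ \S+ (\w+)\s+(\w+) - (.*)$')      # timestamp, level, component, message
EXEC = re.compile(r'^message from "([^"]+)" (.*)$')            # ExecProcessor wrapper around script stderr
EXC = re.compile(r'^([\w.]+(?:Error|Exception)): (.*)$')       # terminal "SomeError: text" line
TARGET = re.compile(r"host='([^']+)', port=(\d+)")
ERRNO = re.compile(r"\[Errno (\d+)\] ([^'\"]+)")

def triage(log_text):
    """Collapse ERROR lines into one finding per failure (terminal exception or component error)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) != "ERROR":
            continue
        component, msg = m.group(2), m.group(3)
        ex = EXEC.match(msg)
        if component == "ExecProcessor" and ex:
            exc = EXC.match(ex.group(2))
            if not exc:
                continue  # traceback frame or source line, not the terminal exception
            tgt, err = TARGET.search(exc.group(2)), ERRNO.search(exc.group(2))
            findings.append({
                "source": ex.group(1).rsplit("/", 1)[-1],
                "error": exc.group(1),
                "target": f"{tgt.group(1)}:{tgt.group(2)}" if tgt else None,
                "detail": f"errno {err.group(1)}: {err.group(2)}" if err else None,
            })
        else:
            tgt, sock = re.search(r"master=(\S+)", msg), re.search(r'socket_error="([^"]*)"', msg)
            findings.append({"source": component, "error": msg.split(" Error=")[0],
                             "target": tgt and tgt.group(1), "detail": sock and sock.group(1)})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Run over the sample, it yields two separate findings: the modular input's token request and the cluster master check.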
1 Solution

jkat54
SplunkTrust

They’ve deprecated the API this app uses. I hope to release a fix soon.

Thanks!


0 Karma

ips_mandar
Builder

@robtun Did you fix the bug, and are you able to receive OMS data?

0 Karma

jkat54
SplunkTrust

Did you see your error related to your cluster master? Need any help with that?

0 Karma

thambisetty
SplunkTrust

Hi,

Please find the link below, which has more info.

https://answers.splunk.com/answers/655954/why-am-i-unable-to-configure-microsoft-oms-modular.html

————————————
If this helps, give a like below.
0 Karma
