Problem getting the TA OMS inputs working version 1.3

robtun1
Explorer

Hi

I can't seem to get the modular inputs for OMS to work - I'm not receiving any data.

I've made the update for the bug for the new version of the query language.

I'm getting the following error.

07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" Traceback (most recent call last):
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/modinput_wrapper/base_modinput.py", line 127, in stream_events
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" self.collect_events(ew)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py", line 96, in collect_events
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" input_module.collect_events(self, ew)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/input_module_oms_inputs.py", line 51, in collect_events
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" token_response = context.acquire_token_with_client_credentials('https://management.core.windows.net/', application_id, application_key)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/authentication_context.py", line 160, in acquire_token_with_client_credentials
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return self._acquire_token(token_func)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/authentication_context.py", line 109, in _acquire_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return token_func(self)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/authentication_context.py", line 158, in token_func
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return token_request.get_token_with_client_credentials(client_secret)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/token_request.py", line 316, in get_token_with_client_credentials
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" token = self._oauth_get_token(oauth_parameters)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/token_request.py", line 113, in _oauth_get_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return client.get_token(oauth_parameters)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/oauth2_client.py", line 262, in get_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" verify=self._call_context.get('verify_ssl', None))
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/api.py", line 110, in post
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return request('post', url, data=data, json=json, **kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/api.py", line 56, in request
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" return session.request(method=method, url=url, **kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/sessions.py", line 488, in request
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" resp = self.send(prep, **send_kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/sessions.py", line 609, in send
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" r = adapter.send(request, **kwargs)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/requests/adapters.py", line 487, in send
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" raise ConnectionError(e, request=request)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7007305e-2664-4e6b-b9a4-c4d5ccfd1524/oauth2/token?api-version=1.0 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))
07-26-2018 12:03:17.975 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" ERRORHTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /7007305e-2664-4e6b-b9a4-c4d5ccfd1524/oauth2/token?api-version=1.0 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))
07-26-2018 12:03:18.814 +0800 ERROR ClusteringMgr - VerifyMultisiteConfig failed Error=failed method=GET path=/services/cluster/master/info/?output_mode=json master=10.xxx.xxx.xxx:8089 rv=0 gotConnectionError=1 gotUnexpectedStatusCode=0 actual_response_code=502 expected_response_code=2xx status_line="Error connecting: Connection refused" socket_error="Connection refused" remote_error=

@jkat54

0 Karma
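The traceback in the post above is spread over many ExecProcessor lines, and only the last one carries the failure. As an added example (not part of the original post or of the TA-OMS_Inputs app), this script collapses such lines from splunkd.log into the terminal exception and extracts host, port and errno. The sample log is constructed in the format shown above with a placeholder tenant ID, and the function names are hypothetical.

```python
import re

# Constructed sample in the splunkd.log ExecProcessor format shown in the post
# (tenant ID replaced with a placeholder, frames shortened).
SAMPLE = '''\
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" Traceback (most recent call last):
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/adal/oauth2_client.py", line 262, in get_token
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" raise ConnectionError(e, request=request)
07-26-2018 12:03:17.948 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /00000000-0000-0000-0000-000000000000/oauth2/token?api-version=1.0 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out',))
07-26-2018 12:03:18.814 +0800 ERROR ClusteringMgr - VerifyMultisiteConfig failed Error=failed
'''

LINE = re.compile(r'^(\S+ \S+ \S+) ERROR ExecProcessor - message from "([^"]+)" (.*)$')
EXC = re.compile(r'^([A-Za-z_][\w.]*(?:Error|Exception)): (.*)$')
POOL = re.compile(r"host='([^']+)', port=(\d+)")
ERRNO = re.compile(r"\[Errno (\d+)\] ([^',)]+)")

def classify(ts, script, exc_type, detail):
    pool, errno = POOL.search(detail), ERRNO.search(detail)
    # NewConnectionError is raised when the TCP connect itself fails: no TLS
    # handshake and no HTTP request took place, so no credentials were sent.
    stage = "tcp-connect" if "NewConnectionError" in detail else "unknown"
    return {
        "time": ts, "script": script.split("/")[-1], "exception": exc_type,
        "host": pool.group(1) if pool else None,
        "port": int(pool.group(2)) if pool else None,
        "errno": int(errno.group(1)) if errno else None,
        "reason": errno.group(2).strip() if errno else None,
        "stage": stage,
    }

def final_exceptions(log_text):
    """Return one finding per traceback: the terminal exception, not the frames."""
    findings, in_tb = [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # other components (e.g. ClusteringMgr) are ignored
        ts, script, msg = m.group(1), m.group(2), m.group(3).strip()
        if msg.startswith("Traceback (most recent call last)"):
            in_tb.add(script)
            continue
        exc = EXC.match(msg)
        if script in in_tb and exc:
            in_tb.discard(script)
            findings.append(classify(ts, script, exc.group(1), exc.group(2)))
    return findings

if __name__ == "__main__":
    for finding in final_exceptions(SAMPLE):
        print(finding)
```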
1 Solution

jkat54
SplunkTrust

They’ve deprecated the API this app uses. I hope to release a fix soon.

Thanks!

0 Karma

ips_mandar
Builder

@robtun Did you fix the bug, and are you able to receive OMS data?

0 Karma

jkat54
SplunkTrust

Did you see your error related to your cluster master? Need any help with that?

0 Karma

thambisetty
SplunkTrust

Hi,

Please find the link below, which has more info.

https://answers.splunk.com/answers/655954/why-am-i-unable-to-configure-microsoft-oms-modular.html

————————————
If this helps, give a like below.
0 Karma
