
'REST ERROR[1104]: Poster REST handler error - timed out'

fatemabw
New Member

Hi All,

After a long time, we finally got the Splunk Add-on for MS Cloud Services on our Search Heads and Heavy forwarder.
I followed the steps listed in the blog: https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html
When I add the O365 account, I get the "Timeout for getting data from the authenticating window." error on the GUI of the Heavy forwarder.
When I looked into the splunkd.log file, it lists the following entries regarding the REST request:

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': Traceback (most recent call last):

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/bin/runScript.py", line 78, in

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': execfile(REAL_SCRIPT_NAME)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_ms_o365_rh_common_poster.py", line 56, in

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': admin.CONTEXT_APP_AND_USER)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': hand.execute(info)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 595, in execute

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/splunktaucclib/rest_handler/poster.py", line 94, in handleEdit

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': RH_Err.ctl(1104, msgx=exc)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/splunktaucclib/rest_handler/error_ctl.py", line 149, in ctl

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': raise BaseException(err)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': BaseException: REST ERROR[1104]: Poster REST handler error - timed out

10-29-2018 15:36:52.077 -0400 ERROR AdminManagerExternal - External handler failed with code '1' and output: 'REST ERROR[1104]: Poster REST handler error - timed out'. See splunkd.log for stderr output.

Any ideas what the issue could be, and how to resolve it?

Thanks,
FBW

0 Karma
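The traceback in the post above is spread over one splunkd.log line per stderr line, which makes the failing app and the REST error code hard to spot. The following is an added example, not part of the original post or of the add-on: a small parser that regroups `ScriptRunner` stderr lines into tracebacks and pulls out the app, the innermost frame and the REST error code. The sample log is constructed in the same layout as the lines quoted above, and the function name is hypothetical.

```python
import re

# Constructed sample in the splunkd.log layout quoted in the post above.
P = ("10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from "
     "'/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': ")
SAMPLE_LOG = "\n".join([
    P + "Traceback (most recent call last):",
    P + '  File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/'
        'splunktamscs/splunktaucclib/rest_handler/poster.py", line 94, in handleEdit',
    P + "    RH_Err.ctl(1104, msgx=exc)",
    P + "BaseException: REST ERROR[1104]: Poster REST handler error - timed out",
    "10-29-2018 15:36:52.077 -0400 ERROR AdminManagerExternal - External handler "
    "failed with code '1' and output: 'REST ERROR[1104]: Poster REST handler "
    "error - timed out'. See splunkd.log for stderr output.",
])

LINE_RE = re.compile(r"^(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d\.\d{3} [+-]\d{4}) "
                     r"ERROR ScriptRunner - stderr from '[^']*': ?(.*)$")
FRAME_RE = re.compile(r'File "([^"]+)", line (\d+)')
APP_RE = re.compile(r"/etc/apps/([^/]+)/")
EXC_RE = re.compile(r"^([A-Za-z_][\w.]*): (.*)$")
REST_RE = re.compile(r"REST ERROR\[(\d+)\]: (.*)")


def summarize_tracebacks(log_text):
    """Rebuild each traceback from ScriptRunner stderr lines and summarise it."""
    out, cur = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # other components (e.g. AdminManagerExternal) are skipped
        ts, text = m.group(1), m.group(2).strip()
        if text.startswith("Traceback (most recent call last)"):
            cur = {"time": ts, "app": None, "last_frame": None,
                   "exception": None, "rest_code": None, "message": None}
            out.append(cur)
        elif cur is not None and FRAME_RE.search(text):
            path, line = FRAME_RE.search(text).groups()
            cur["last_frame"] = (path, int(line))
            app = APP_RE.search(path)
            if app:
                cur["app"] = app.group(1)  # innermost frame inside an app wins
        elif cur is not None and EXC_RE.match(text):
            cur["exception"], cur["message"] = EXC_RE.match(text).groups()
            rest = REST_RE.search(cur["message"])
            if rest:
                cur["rest_code"], cur["message"] = int(rest.group(1)), rest.group(2)
            cur = None  # the exception line closes the traceback
    return out
```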

fatemabw
New Member

Figured it out. It was a proxy issue: as the forwarder is behind a proxy, I had to configure the proxy setup in the correct place for the add-on to make requests to the internet using the proxy.

Got it working by:
There is a config file inside the apps folder under the add-on, where the proxy settings have to be explicitly mentioned.

Under: /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_client_settings.conf
[proxy]
proxy_enabled = 1
proxy_rdns = 1
proxy_type = http
proxy_password = password of proxy account
proxy_port = 8000
proxy_url = proxy1.your.server.com
disabled = 0
proxy_username = user name of proxy account

Hope it's helpful to anyone who is having similar issues in future 🙂

Thanks,
Fatema.

0 Karma
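The `[proxy]` stanza from the answer above can be sanity-checked before restarting Splunk, and because it carries `proxy_password`, the file's permissions matter as well. The following is an added example, not code from the post or from the add-on: the function name, the set of accepted boolean values and the "bare host name" rule for `proxy_url` are assumptions based only on the values shown in the post, and the sample stanza is constructed with placeholder credentials.

```python
import configparser
import stat

# Constructed sample of the [proxy] stanza from the post; values are placeholders.
SAMPLE_CONF = """\
[proxy]
proxy_enabled = 1
proxy_rdns = 1
proxy_type = http
proxy_password = example-password
proxy_port = 8000
proxy_url = proxy1.your.server.com
disabled = 0
proxy_username = svc-proxy
"""

TRUE_VALUES = {"1", "true"}  # assumption: values treated as "on" for the flags


def check_proxy_stanza(conf_text, file_mode=None):
    """Return a list of findings for the [proxy] stanza; empty means no issues."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("proxy"):
        return ["no [proxy] stanza in this file"]
    px, findings = cp["proxy"], []
    if px.get("proxy_enabled", "0").strip().lower() not in TRUE_VALUES:
        findings.append("proxy_enabled is not 1 (the post's working value)")
    if px.get("disabled", "0").strip().lower() in TRUE_VALUES:
        findings.append("disabled is not 0 (the post's working value)")
    host = px.get("proxy_url", "").strip()
    if not host:
        findings.append("proxy_url is empty")
    elif "://" in host or "/" in host:
        # Assumption: a bare host name, as in the post; the port has its own key.
        findings.append("proxy_url should be a bare host name")
    port = px.get("proxy_port", "").strip()
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("proxy_port must be an integer between 1 and 65535")
    user, pwd = px.get("proxy_username", ""), px.get("proxy_password", "")
    if bool(user.strip()) != bool(pwd.strip()):
        findings.append("proxy_username and proxy_password must be set together")
    # The proxy password sits in this file, so other local users must not read it.
    if file_mode is not None and pwd.strip():
        if file_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("file is group/world readable but holds proxy_password")
    return findings
# On a real host: check_proxy_stanza(open(path).read(), os.stat(path).st_mode)
```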