'REST ERROR[1104]: Poster REST handler error - timed out'

fatemabw
New Member

Hi All,

After a long time, we finally got the Splunk Add-on for MS Cloud Services on our Search Heads and Heavy forwarder.
I followed the steps listed in the blog: https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html
When I add the O365 account, I get the "Timeout for getting data from the authenticating window." error on the GUI of the Heavy forwarder.
When I looked into the splunkd.log file, it lists the following entries regarding the REST request:

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': Traceback (most recent call last):

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/bin/runScript.py", line 78, in

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': execfile(REAL_SCRIPT_NAME)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_ms_o365_rh_common_poster.py", line 56, in

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': admin.CONTEXT_APP_AND_USER)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': hand.execute(info)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 595, in execute

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/splunktaucclib/rest_handler/poster.py", line 94, in handleEdit

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': RH_Err.ctl(1104, msgx=exc)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/splunktaucclib/rest_handler/error_ctl.py", line 149, in ctl

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': raise BaseException(err)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': BaseException: REST ERROR[1104]: Poster REST handler error - timed out

10-29-2018 15:36:52.077 -0400 ERROR AdminManagerExternal - External handler failed with code '1' and output: 'REST ERROR[1104]: Poster REST handler error - timed out'. See splunkd.log for stderr output.

Any ideas what the issue could be, and how to resolve it?

Thanks,
FBW

0 Karma

fatemabw
New Member

Figured it out. It was a proxy issue: as the Forwarder is behind a proxy, I had to configure the proxy setup in the correct place for the Add-on to make requests to the internet using the proxy.

Got it working by:
There is a config file inside the apps folder under the add-on, where the proxy settings have to be explicitly mentioned.

Under: /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_client_settings.conf

[proxy]
proxy_enabled = 1
proxy_rdns = 1
proxy_type = http
proxy_password = password of proxy account
proxy_port = 8000
proxy_url = proxy1.your.server.com
disabled = 0
proxy_username = user name of proxy account

Hope it's helpful to anyone who is having similar issues in future 🙂

Thanks,
Fatema.

0 Karma
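
Added example (not part of the original post and not the add-on's own code): a small Python check for the [proxy] stanza shown above, flagging unset fields and a proxy_password kept in a file readable by group or other. The checks, helper names and sample values are assumptions for illustration; only the stanza keys come from the post.

```python
import configparser
import os
import stat
import tempfile

REQUIRED = ("proxy_url", "proxy_port", "proxy_type")  # keys taken from the post

def check_proxy_stanza(path):
    """Return a list of findings for the [proxy] stanza in the conf file at `path`."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(path)
    if not cp.has_section("proxy"):
        return ["no [proxy] stanza found"]
    p, findings = cp["proxy"], []
    if p.get("proxy_enabled", "0").strip() != "1":
        findings.append("proxy_enabled is not 1")
    if p.get("disabled", "0").strip() != "0":
        findings.append("disabled is not 0")
    for key in REQUIRED:
        if not p.get(key, "").strip():
            findings.append(f"{key} is empty or missing")
    port = p.get("proxy_port", "").strip()
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append(f"proxy_port {port!r} is not a valid TCP port")
    # Assumption: the post uses a bare hostname, so a scheme is flagged for review.
    if "://" in p.get("proxy_url", ""):
        findings.append("proxy_url contains a scheme; the post uses a bare hostname")
    # The proxy credential sits in this file, so check who else can read it.
    if p.get("proxy_password", "").strip():
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"proxy_password set and file mode {mode:o} is group/other readable")
    return findings

def write_sample(text, mode):
    """Write constructed conf text to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

# Constructed sample mirroring the stanza in the post; the values are placeholders.
SAMPLE = ("[proxy]\nproxy_enabled = 1\nproxy_rdns = 1\nproxy_type = http\n"
          "proxy_password = example-placeholder\nproxy_port = 8000\n"
          "proxy_url = proxy1.your.server.com\ndisabled = 0\nproxy_username = svc_proxy\n")

if __name__ == "__main__":
    sample_path = write_sample(SAMPLE, 0o644)
    for finding in check_proxy_stanza(sample_path):
        print("FINDING:", finding)
    os.unlink(sample_path)
```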