All Apps and Add-ons

Splunk Add-on Builder Proxy Errors- Alert action works perfectly except when I enable proxy

jmartin_pro
Explorer

Hello All,

This is my first time posting to Splunk Community. I've found a lot of value here and hope you all are doing well.

I have an add-on built with the Splunk Add-on Builder (I believe version 4.1.0) that contains an alert action that packages up search results and sends them to a HEC input. I am utilizing George Starcher's Python class for sending events to HEC inputs (https://github.com/georgestarcher/Splunk-Class-httpevent). The alert action works perfectly except when I enable the proxy - then I am hit with the error message:

 

 

Traceback (most recent call last):
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/splunk_http_event_collector.py", line 287, in _batchThread
    response = self.requests_retry_session().post(self.server_uri, data=payload, headers=headers, verify=self.SSL_verify,proxies=proxies)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 635, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/adapters.py", line 499, in send
    timeout=timeout,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 696, in urlopen
    self._prepare_proxy(conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 964, in _prepare_proxy
    conn.connect()
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 359, in connect
    conn = self._connect_tls_proxy(hostname, conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 506, in _connect_tls_proxy
    ssl_context=ssl_context,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/opt/splunk/lib/python3.7/ssl.py", line 827, in _create
    raise ValueError("check_hostname requires server_hostname")
ValueError: check_hostname requires server_hostname

 

 

 Has anyone come across similar behavior? I am trying a variety of different things but this has quickly gone over my head. Any help or direction would be greatly appreciated. Please let me know what information I can provide.

Thank you.

Labels (3)
0 Karma
1 Solution

jmartin_pro
Explorer

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

View solution in original post

0 Karma

jmartin_pro
Explorer

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...