Hello All,
This is my first time posting to Splunk Community. I've found a lot of value here and hope you all are doing well.
I have an add-on built with the Splunk Add-on Builder (I believe version 4.1.0) that contains an alert action that packages up search results and sends them to a HEC input. I am utilizing George Starcher's Python class for sending events to HEC inputs (https://github.com/georgestarcher/Splunk-Class-httpevent). The alert action works perfectly except when I enable the proxy - then I am hit with the error message:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/splunk_http_event_collector.py", line 287, in _batchThread
response = self.requests_retry_session().post(self.server_uri, data=payload, headers=headers, verify=self.SSL_verify,proxies=proxies)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 635, in post
return self.request("POST", url, data=data, json=json, **kwargs)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/adapters.py", line 499, in send
timeout=timeout,
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 696, in urlopen
self._prepare_proxy(conn)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 964, in _prepare_proxy
conn.connect()
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 359, in connect
conn = self._connect_tls_proxy(hostname, conn)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 506, in _connect_tls_proxy
ssl_context=ssl_context,
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock)
File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/opt/splunk/lib/python3.7/ssl.py", line 827, in _create
raise ValueError("check_hostname requires server_hostname")
ValueError: check_hostname requires server_hostname
Has anyone come across similar behavior? I am trying a variety of different things but this has quickly gone over my head. Any help or direction would be greatly appreciated. Please let me know what information I can provide.
Thank you.
This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.
from:
proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}
to:
proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}
This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.
from:
proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}
to:
proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}