All Apps and Add-ons

Splunk Add-on Builder Proxy Errors- Alert action works perfectly except when I enable proxy

jmartin_pro
Explorer

Hello All,

This is my first time posting to Splunk Community. I've found a lot of value here and hope you all are doing well.

I have an add-on built with the Splunk Add-on Builder (I believe version 4.1.0) that contains an alert action that packages up search results and sends them to a HEC input. I am utilizing George Starcher's Python class for sending events to HEC inputs (https://github.com/georgestarcher/Splunk-Class-httpevent). The alert action works perfectly except when I enable the proxy - then I am hit with the error message:

 

 

Traceback (most recent call last):
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/splunk_http_event_collector.py", line 287, in _batchThread
    response = self.requests_retry_session().post(self.server_uri, data=payload, headers=headers, verify=self.SSL_verify,proxies=proxies)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 635, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/adapters.py", line 499, in send
    timeout=timeout,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 696, in urlopen
    self._prepare_proxy(conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 964, in _prepare_proxy
    conn.connect()
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 359, in connect
    conn = self._connect_tls_proxy(hostname, conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 506, in _connect_tls_proxy
    ssl_context=ssl_context,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/opt/splunk/lib/python3.7/ssl.py", line 827, in _create
    raise ValueError("check_hostname requires server_hostname")
ValueError: check_hostname requires server_hostname

 

 

 Has anyone come across similar behavior? I am trying a variety of different things but this has quickly gone over my head. Any help or direction would be greatly appreciated. Please let me know what information I can provide.

Thank you.

Labels (3)
0 Karma
1 Solution

jmartin_pro
Explorer

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

View solution in original post

0 Karma

jmartin_pro
Explorer

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...