All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Cisco IPS 2.1.2: Why am I getting errors connecting to the sensor?

louis_poulin
Engager
‎01-12-2015 11:29 AM

I just installed version 2.1.2 and I just did the setup.

I have a problem connecting to my sensor. Following the documentation (http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/Troubleshooting), I searched in Splunk (v 6.2.0) for index="_internal" sourcetype="sdee_connection" and I see the following entries : 

Mon Jan 12 14:09:08 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:09:04 2015 - ERROR - Attempting to re-connect to the sensor: sensor.domain.net
Mon Jan 12 14:09:04 2015 - ERROR - Exception thrown in sdee.get(): HTTPError: HTTP Error 401: Unauthorized
Mon Jan 12 14:08:47 2015 - INFO - host="sensor.domain.net" SessionID="9ca3b03d1b5b4fbc05649fdbdd0e997f" SubscriptionID="sub-4-541d4a3b"
Mon Jan 12 14:08:47 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - Attempting to connect to sensor: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - No exsisting SubscriptionID for host: sensor.domain.net

I manually tried to connect with a web browser : it works using https://sensor.domain.net and the same credentials entered during setup. The certificate is self signed on the sensor so I get the usual warnings.

Any idea what the problem is?

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎03-01-2015 09:58 AM

Hi,

Please open a support ticket so that we can get debug logs. Between POODLE and Heartbleed and a few other gotchas, secured connections to appliances are going through a lot of flux right now.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...