All Apps and Add-ons

Splunk Add-on for Java Management Extension: ERROR - Failed to retrieve RMIServer stub


Even after disabling the Firewalls on the Splunk Server, and on the JMX server (WebSphere Application Server), I get these errors:

2015-08-14 15:48:33,810 - com.splunk.modinput.ModularInput -610084 [Thread-7] ERROR  - Failed to retrieve RMIServer stub: javax.naming.NamingException: Error during resolve [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No]
2015-08-14 15:48:33,852 - org.exolab.castor.mapping.Mapping -610126 [Thread-7] INFO   - Loading mapping descriptors from jar:file:/opt/splunk/etc/apps/Splunk_TA_jmx/bin/lib/jmxmodinput.jar!/mapping.xml
2015-08-14 15:48:33,957 - com.splunk.modinput.ModularInput -610231 [Thread-7] INFO   - 1 servers found in stanza jmx://_Splunk_TA_jmx_:Splunk_TA_jmx:PerformanceMonitoring

Any help is welcome!

Regards Chris



I found a solution to get the addon working on a splunk indexer with WAS jmx connection and enabled administrative security.

1. Download IBM SDK
download version 7 from

2. Set environment variables


3. copy WAS' trust store to splunk instance
copy trust store to "D:/Splunk/etc/apps/Splunk_TA_jmx/trust.p12"

4. Enhance addon's

# Set to True to use the MX4J JMX implementation
# USE_MX4J = True

# Set to True to test SSL
#TEST_SSL = True
TEST_SSL = False


#BOOTPATH = build_classpath(sep.join([MODINPUT_HOME, 'bin', 'lib', 'boot']), psep)
#if USE_MX4J:
#    BOOTPATH = BOOTPATH + build_classpath(sep.join([MODINPUT_HOME, 'bin', 'lib', 'mx4j_boot']), psep)
#"-Xbootclasspath/p:" + BOOTPATH,

    #"", # unknown property was set while testing
    "\\Splunk\\etc\\apps\\Splunk_TA_jmx\\sas.client.props", # required for a secure connection to WAS
    "\\Splunk\\etc\\apps\\Splunk_TA_jmx\\ssl.client.props", # required for a secure connection to WAS
    #"", # enable this to debug
    #"", # enable this to debug
    #"\\Splunk\\etc\\apps\\Splunk_TA_jmx\\corba.log", # enable this to debug
    "-Xms" + MIN_HEAP,
    "-Xmx" + MAX_HEAP, "-Dconfighome=" + CONFIG_HOME,
    "-Dsplunkhome=" + SPLUNK_HOME, JAVA_MAIN_CLASS]
    TEST_SSL_ARGS = "" + SPLUNK_HOME + "/etc/apps/Splunk_TA_jmx/bin/mx4j.ks"
    JAVA_ARGS.insert(-1, TEST_SSL_ARGS)

5. copy sas.client.props from WAS & edit


# RMI/IIOP user identity<admin user><password>


# Does this client support stateful sessions?

# Does this client support/require BasicAuth (userid/password) client authentication?

# Does this client support/require SSL client authentication?

# Note: You can perform BasicAuth (uid/pw) and SSL client authentication (certificate)
# simultaneously, however, the BasicAuth identity will always take precedence at the server.

# Does this client support/require SSL connections?

# Does this client support/require 40-bit cipher suites when using SSL?

# Note: This property is only valid when SSL connections are supported or required.
# Does this client support/require 128-bit cipher suites when using SSL?

6. copy ssl.client.props from WAS & edit

# TrustStore information<password>

7. copy some WAS libs to addon
Copy following files from D:/IBM/WebSphere/AppServer/runtimes (WAS instance) to D:/Splunk/etc/apps/Splunk_TA_jmx/bin/lib (splunk indexer)

Regards, Jens

New Member


Just wondering if any one has found a solution to his?

Can't seem to move past this.

0 Karma

Splunk Employee
Splunk Employee

I'm wondering if you've followed the WAS directions ( ), which call for an IIOP connection rather than an RMI connection?

0 Karma


I tried to follow the "guide", but not sure if I understood everything the way it was meant, but I tried to...

The URL used, is
this is about what is written as sample in the guide.

I read this as :
jmx over iiop.

Hope it helps to get over this

Thx, Chris

0 Karma



I've the same problem. Did you have already found any solution for this?

Regards Jens

0 Karma


Hi Jens,

sorry, no helping answer so far 😞
In case I get an answer, or get itz to work somehow, I will let all know, as I thought, that others might stumble at this point as well.

Cheers, Chris

0 Karma
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...