Splunk DB Connect 2: "[health.py] The user [foobar...

chrisboy68 · ‎06-29-2015

HI,

Can't view health logger in Splunk DBX 2.x and I see the following error:

06/29/2015 11:48:21 [WARNING] [health.py] The user [foobar] is not allowed to use health logger.

Dug around and I can't see where to set the permissions for this script. Any ideas?

Thanks

Chris

JoshWhaley · ‎11-13-2015

EDIT: Apparently this didn't resolve the issue.. It seemed to for awhile, but I am receiving the errors again. Please disregards the "solution" below.

After editing bin/dbx2/health.py to log the actual exception rather than "The user [user] is not allowed to use the health logger." I was able to see the following:

11/13/2015 10:27:33 [WARNING] [health.py] [HTTP 404] https://127.0.0.1:8089/servicesNS/myUsername/splunk_app_db_connect/db_connect/health/myUsername; [{'type': 'ERROR', 'code': None, 'text': "In handler 'health': Could not find object id=myUsername"}]

Navigating to the parent of this URL showed an 'admin' object, and a 'nobody' object. Doing some digging turned up healthlog.conf inside the default directory. Adding my username as a stanza (or * if you'd like everyone to have permission) to healthlog.conf inside the local directory stopped the error messages, and has seemed to resolve the issue.

chrisboy68 · ‎11-16-2015

HI, do you mind sharing your exact syntax?

i added:

[*] 
hiddens=SESSION_KEY

to: Splunk\etc\apps\splunk_app_db_connect\local\healthlog.conf and I still have the same issue.

Thanks.

Chris

JoshWhaley · ‎11-16-2015

I would think that should work, although I didn't provide any hiddens= or other parameters, and just have a line with [*]. This will use the default stanza from the default directory. Did you restart Splunk after saving the conf file?

chrisboy68 · ‎11-16-2015

Yep, I removed the extra stuff and just have:

[*]

Keep getting 11/16/2015 10:12:39 [WARNING] [health.py] The user [foobar] is not allowed to use health logger.

My healthlog.conf in the default directory looks like this:

[default]


## PY - any python function health logger
## DB - dbx2 python proxy health logger
## JP - java dbx2 proxy health logger
# do not leave spaces within items
loggers = PY,DB,JP

hiddens = SESSION_KEY,QUERY

[admin]
hiddens = SESSION_KEY

[nobody]

Any other ideas?

Tx

Chris

JoshWhaley · ‎11-16-2015

Assuming you did restart Splunk, then I'm fresh out of ideas.. What version of DB Connect are you running?

chrisboy68 · ‎11-16-2015

Thanks. 2.0.6

Chris

JoshWhaley · ‎11-16-2015

I'm on 2.0.4, so it's possible it could be something there, but that doesn't seem likely. One last idea would be to double-check the permissions on the .conf file. Other than that, I'm sorry I couldn't be of more help.

tjohnson341 · ‎11-13-2015

I'm having this issue as well, was anybody able to resolve it?

bevant · ‎07-21-2015

I have the same problem here. I've created/configured the app on one search head, and this doesn't happen, but when I deploy that app to a search head cluster, I get the error.

It only seems to affect dbx logging though, so while it's possibly stopping me from debugging my problem where DBX doesn't work in the cluster, I don't think it's actually much of a problem. 🙂

tmeader · ‎09-15-2015

Seeing the exact same issue here with DBConnect2. My user account is under the admin role already, yet it still receives this "[WARNING] [health.py] The user [xxxxxx] is not allowed to use health logger." in dbx2.log any time the Health dashboard is accessed (and everything is blank).

The admin role has been directly granted BOTH db_connect_user and db_connect_admin roles. That didn't help after I logged in/out. I've even tried directly giving my user account db_connect_user and db_connect_admin roles. Still nothing.

Any help with this? Would be EXTREMELY helpful if this dashboard actually was accessible.

Using Single Sign-On if that makes any difference.

jcoates_splunk · ‎07-08-2015

I'm pretty sure that you just need to grant your user the db_connect_user or db_connect_admin role in order to give them the right capabilities.

steven_swor · ‎02-24-2016

I downvoted this post because it doesn't fix the problem.

chrisboy68 · ‎07-10-2015

Thanks. db_connect_admin is part of the admin role. The user is me, "admin". Admin role shows the below.

Imported capabilities
db_connect_create_connection
db_connect_create_dblookup
db_connect_create_identity
db_connect_create_resource_pool
db_connect_delete_connection
db_connect_delete_dblookup
db_connect_delete_identity
db_connect_delete_resource_pool
db_connect_execute_query
db_connect_read_app_conf
db_connect_read_connection
db_connect_read_dblookup
db_connect_read_identity
db_connect_read_resource_pool
db_connect_read_rpcserver
db_connect_request_metadata
db_connect_request_status
db_connect_update_connection
db_connect_update_dblookup
db_connect_update_identity
db_connect_update_resource_pool
db_connect_update_rpcserver
db_connect_use_custom_action
db_connect_write_app_conf

Does not make sense....

Chris

Splunk DB Connect 2: "[health.py] The user [foobar] is not allowed to use health logger." Where do I change permissions for this script?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life