- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I've setup and installed Splunk Stream in a test environment consisting of 1 single deployment and 1 universal forwarder. Everything is working as expected, and i am able to receive data from both sources.
If i try to enable "Stream Forwarder Auth" and enter the Token for the HTTP Collector, soon as i hit apply or there about the stream forwarders fail and i see 401 errors in the webaccess.log, as well as
2017-05-04 19:37:46 ERROR 11552 stream.CaptureServer - Unable to ping server (9c32732f-aa86-4b9d-8735-55d71369e32c): /en-us/custom/splunk_app_stream/ping/ status=401
in the streamfwd.log files
Clearly i am missing a configuration step.
I've read about the streamfwd.conf file and in there is is an option:
httpEventCollectorToken I've set that to be the value of the Collector token manually also but that hasn't changed anything.
does anyone have any ideas what i could try?
Thanks
Colin
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @vshcherbakov_splunk
authToken gives "Invalid key in stanza [streamfwd] in C:\Program Files\Splunk\etc\apps\Splunk_TA_stream\local\streamfwd.conf, line 5: authToken "
when in streamfwd.conf - i had already tried that. What i don't understand is that it appears to be a valid key in the standalone forwarder but not the TA. Is that expected behavior?
the README section in the TA doesn't list authToken anywhere as a valid key, neither do the defaults.
Any other suggestions?
thanks
Colin
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @vshcherbakov_splunk
authToken gives "Invalid key in stanza [streamfwd] in C:\Program Files\Splunk\etc\apps\Splunk_TA_stream\local\streamfwd.conf, line 5: authToken "
when in streamfwd.conf - i had already tried that. What i don't understand is that it appears to be a valid key in the standalone forwarder but not the TA. Is that expected behavior?
the README section in the TA doesn't list authToken anywhere as a valid key, neither do the defaults.
Any other suggestions?
thanks
Colin
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Colin,
I believe the "invalid key in stanza " error caused by a bug (namely authToken being omitted in streamfwd.conf.spec). This parameter is applicable to both independent forwarder and TA, so as a workaround I'd suggest adding it to streamfwd.conf.spec manually (ie authToken = <value>)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
excellent - that did the trick. Adding the authToken key to the Spec file in the readme folder and adding to the streamfwd.conf with the same key as in the HTTPCollector and the Forwarder Auth and everything seems to be talking.
Just need to play around to find out exactly what is needed where exactly.
Thanks for the help
Colin
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @colineltringham,
I believe you need to set the authToken parameter in streamfwd.conf to match the Stream Auth Token set up on the SH.
