All Apps and Add-ons

Splunk Stream TA - Unable to ping server

thetech
Explorer

Hello all,

I have a distributed environment containing the following:

  • 3 x Search heads (1 captain)
  • 4 x Indexers clustered
  • 1 x dedicated linux server for Splunk Stream (UF + TA addon)
  • 1 x deployment server
  • 1x SHCD
  • 1x CM

The problem I am having is that for unknown reasons the dedicated splunk stream server is now unable to ping the server with the splunk stream app.

This all was working but I fear I have made a config slip up somewhere.

The Splunk stream TA is deployed to the dedicated stream server from the deployment server and contains the following files/config

  • inputs.conf
  • streamfwdlog.conf

inputs.conf -

[streamfwd://streamfwd]
splunk_stream_app_location = https://<SERVER_IP>:8000/en-us/app/splunk_app_stream/
stream_forwarder_id =
disabled = 0

I am able to successfully navigate to the stream app location

But the streamfwd logs are showing the following error message

  • stream.CaptureServer - Unable to ping server (d6e0ed72-789a-4044-95f7-7de95ddbb221): /en-us/app/splunk_app_stream/ping/ status=303

If I navigate to the same URL with "ping" appended then it returns a 404.

If you require any other info please let me know.

Regards

Labels (3)
0 Karma
1 Solution

thetech
Explorer

### Update - Resolved ###

Issue has been resolved.

All the inputs.conf files had the following URL configured:

  • 8000/en-us/app/splunk_app_stream/

The Splunk Stream TA will try and append "ping" to the URL in the inputs.conf.

The appended ping only exists on the following URL

  • 8000/en-us/custom/splunk_app_stream/

So the fix is to change the URL to en-us/custom/splunk_app_stream/  instead of en-us/app/splunk_app_stream/     in your TA inputs.conf

 

 

View solution in original post

thetech
Explorer

### Update - Resolved ###

Issue has been resolved.

All the inputs.conf files had the following URL configured:

  • 8000/en-us/app/splunk_app_stream/

The Splunk Stream TA will try and append "ping" to the URL in the inputs.conf.

The appended ping only exists on the following URL

  • 8000/en-us/custom/splunk_app_stream/

So the fix is to change the URL to en-us/custom/splunk_app_stream/  instead of en-us/app/splunk_app_stream/     in your TA inputs.conf

 

 

dm1
Contributor

This really helped me fix my problem.

this should definitely go in the Splunk Stream docs. There are numerous additions required to the docs.

Please convert your reply into an "answer"

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...