All Apps and Add-ons

TA-connectivity: Why is this add-on not working after installing on Heavy Forwarder?

r34220
Explorer

I just installed TA-connectivity on a Heavy Forwarder. When trying the test commands, I only get the following as output. Is there any fix?

[ apps]$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
</stream>[apps]$
0 Karma
1 Solution

seunomosowon
Communicator

Hi,

I'll rewrite it over the holidays and let you know when it's updated. Actually got a patch for windows earlier in the year from another user.

View solution in original post

0 Karma

seunomosowon
Communicator

Hi,

I'll rewrite it over the holidays and let you know when it's updated. Actually got a patch for windows earlier in the year from another user.

0 Karma

r34220
Explorer

Thanks, I am on Linux. Does that patch work with Linux as well?

0 Karma

seunomosowon
Communicator

Hi again, Can you tell me what distro you're running this on?

I tried the exact same test command on CentOs 6 with the last public version of the app I have on, and it worked.
I need a little bit more info to get the same result while testing. I'll try running this on Ubuntu.

Please share the Splunk version, Linux distribution and version you're using.

Here's my result:
-bash-4.1$ /opt/splunk/bin/splunk --version
Splunk 6.5.1 (build f74036626f0c)
-bash-4.1$ cat /etc/redhat-release
CentOS release 6.7 (Final)
-bash-4.1$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=www.google.com,dst_ip=74.125.206.147,description="icmp_seq=1 ttl=49;icmp_seq=2 ttl=49",average_rtt=105.5,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=www.yahoo.com,dst_ip=46.228.47.114,description="icmp_seq=1 ttl=58;icmp_seq=2 ttl=58",average_rtt=106.5,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=4.2.2.2,dst_ip=4.2.2.2,description="icmp_seq=1 ttl=60;icmp_seq=2 ttl=60",average_rtt=100.0,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=8.8.8.8,dst_ip=8.8.8.8,description="icmp_seq=1 ttl=61;icmp_seq=2 ttl=61",average_rtt=101.0,packet_loss=0%-bash-4.1$
-bash-4.1$

0 Karma

r34220
Explorer

I am not sure where all my response are going. they seem to be disappearing. Anyway, I just enabled in the inputs.conf and it seems to be working even though the "test" command is not.

Is there a way for me to have the "dst_host" be the "host" value?

0 Karma

seunomosowon
Communicator

Hi,

I'll try testing with that version over the next week. I updated the app once more just now to fix something else on windows.
Not sure I understand what you want, but I'm guessing you need to add a host extraction to your local/props.conf
I could add one to the next release, although it kind of helps to know which forwarder ran the scan.

Cheers,

0 Karma

r34220
Explorer

Understood. It does make sense to know which forwarder ran.

Thanks for your help!

0 Karma

r34220
Explorer

[bash ~]$ /opt/splunk/bin/splunk --version
Splunk 6.5.1 (build f74036626f0c)
[bash ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)
[bash ~]$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
[bash ~]$

0 Karma

seunomosowon
Communicator

Yes, it will. Currently testing on both Windows and Linux. Thanks for waiting.

0 Karma

r34220
Explorer

Any progress updating the app?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...