All Apps and Add-ons

TA-connectivity: Why is this add-on not working after installing on Heavy Forwarder?

r34220
Explorer

I just installed TA-connectivity on a Heavy Forwarder. When trying the test commands, I only get the following as output. Is there any fix?

[ apps]$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
</stream>[apps]$
0 Karma
1 Solution

seunomosowon
Communicator

Hi,

I'll rewrite it over the holidays and let you know when it's updated. Actually got a patch for windows earlier in the year from another user.

View solution in original post

0 Karma

seunomosowon
Communicator

Hi,

I'll rewrite it over the holidays and let you know when it's updated. Actually got a patch for windows earlier in the year from another user.

0 Karma

r34220
Explorer

Thanks, I am on Linux. Does that patch work with Linux as well?

0 Karma

seunomosowon
Communicator

Hi again, Can you tell me what distro you're running this on?

I tried the exact same test command on CentOs 6 with the last public version of the app I have on, and it worked.
I need a little bit more info to get the same result while testing. I'll try running this on Ubuntu.

Please share the Splunk version, Linux distribution and version you're using.

Here's my result:
-bash-4.1$ /opt/splunk/bin/splunk --version
Splunk 6.5.1 (build f74036626f0c)
-bash-4.1$ cat /etc/redhat-release
CentOS release 6.7 (Final)
-bash-4.1$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=www.google.com,dst_ip=74.125.206.147,description="icmp_seq=1 ttl=49;icmp_seq=2 ttl=49",average_rtt=105.5,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=www.yahoo.com,dst_ip=46.228.47.114,description="icmp_seq=1 ttl=58;icmp_seq=2 ttl=58",average_rtt=106.5,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=4.2.2.2,dst_ip=4.2.2.2,description="icmp_seq=1 ttl=60;icmp_seq=2 ttl=60",average_rtt=100.0,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=8.8.8.8,dst_ip=8.8.8.8,description="icmp_seq=1 ttl=61;icmp_seq=2 ttl=61",average_rtt=101.0,packet_loss=0%-bash-4.1$
-bash-4.1$

0 Karma

r34220
Explorer

I am not sure where all my response are going. they seem to be disappearing. Anyway, I just enabled in the inputs.conf and it seems to be working even though the "test" command is not.

Is there a way for me to have the "dst_host" be the "host" value?

0 Karma

seunomosowon
Communicator

Hi,

I'll try testing with that version over the next week. I updated the app once more just now to fix something else on windows.
Not sure I understand what you want, but I'm guessing you need to add a host extraction to your local/props.conf
I could add one to the next release, although it kind of helps to know which forwarder ran the scan.

Cheers,

0 Karma

r34220
Explorer

Understood. It does make sense to know which forwarder ran.

Thanks for your help!

0 Karma

r34220
Explorer

[bash ~]$ /opt/splunk/bin/splunk --version
Splunk 6.5.1 (build f74036626f0c)
[bash ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)
[bash ~]$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
[bash ~]$

0 Karma

seunomosowon
Communicator

Yes, it will. Currently testing on both Windows and Linux. Thanks for waiting.

0 Karma

r34220
Explorer

Any progress updating the app?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...