All Apps and Add-ons

TA-connectivity: Why is this add-on not working after installing on Heavy Forwarder?

Explorer

I just installed TA-connectivity on a Heavy Forwarder. When trying the test commands, I only get the following as output. Is there any fix?

[ apps]$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
</stream>[apps]$
0 Karma
1 Solution

Communicator

Hi,

I'll rewrite it over the holidays and let you know when it's updated. Actually got a patch for windows earlier in the year from another user.

View solution in original post

0 Karma

Communicator

Hi,

I'll rewrite it over the holidays and let you know when it's updated. Actually got a patch for windows earlier in the year from another user.

View solution in original post

0 Karma

Explorer

Thanks, I am on Linux. Does that patch work with Linux as well?

0 Karma

Communicator

Hi again, Can you tell me what distro you're running this on?

I tried the exact same test command on CentOs 6 with the last public version of the app I have on, and it worked.
I need a little bit more info to get the same result while testing. I'll try running this on Ubuntu.

Please share the Splunk version, Linux distribution and version you're using.

Here's my result:
-bash-4.1$ /opt/splunk/bin/splunk --version
Splunk 6.5.1 (build f74036626f0c)
-bash-4.1$ cat /etc/redhat-release
CentOS release 6.7 (Final)
-bash-4.1$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=www.google.com,dst_ip=74.125.206.147,description="icmp_seq=1 ttl=49;icmp_seq=2 ttl=49",average_rtt=105.5,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=www.yahoo.com,dst_ip=46.228.47.114,description="icmp_seq=1 ttl=58;icmp_seq=2 ttl=58",average_rtt=106.5,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=4.2.2.2,dst_ip=4.2.2.2,description="icmp_seq=1 ttl=60;icmp_seq=2 ttl=60",average_rtt=100.0,packet_loss=0%01/15/2017 11:11:30 GMT ,action=ping succeeded,status=200,src=splunk,dst_hostname=8.8.8.8,dst_ip=8.8.8.8,description="icmp_seq=1 ttl=61;icmp_seq=2 ttl=61",average_rtt=101.0,packet_loss=0%-bash-4.1$
-bash-4.1$

0 Karma

Explorer

I am not sure where all my response are going. they seem to be disappearing. Anyway, I just enabled in the inputs.conf and it seems to be working even though the "test" command is not.

Is there a way for me to have the "dst_host" be the "host" value?

0 Karma

Communicator

Hi,

I'll try testing with that version over the next week. I updated the app once more just now to fix something else on windows.
Not sure I understand what you want, but I'm guessing you need to add a host extraction to your local/props.conf
I could add one to the next release, although it kind of helps to know which forwarder ran the scan.

Cheers,

0 Karma

Explorer

Understood. It does make sense to know which forwarder ran.

Thanks for your help!

0 Karma

Explorer

[bash ~]$ /opt/splunk/bin/splunk --version
Splunk 6.5.1 (build f74036626f0c)
[bash ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)
[bash ~]$ /opt/splunk/bin/splunk cmd splunkd print-modinput-config ping ping:///opt/splunk/etc/apps/TA-connectivity/lookups/hostfile.txt | /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-connectivity/bin/ping.py
[bash ~]$

0 Karma

Communicator

Yes, it will. Currently testing on both Windows and Linux. Thanks for waiting.

0 Karma

Explorer

Any progress updating the app?

0 Karma