Unable to poll F5 servers from Splunk for logs - Error: Fail to set active folder as partition "/Common" for Template

splunker12er
Motivator

App: Splunk Add-on for F5 BIG-IP

I already configured F5 LTM and it is currently forwarding syslog to my Splunk. But in "Configure the modular inputs for the Splunk Add-on for F5 BIG-IP", after I configure the server, templates, and tasks, I didn't receive any data from the F5 servers. When I dig into the logs, I get this error message. Can someone please help with how to resolve this?

Error logs:
Location : source="/opt/splunk/var/log/splunk/Splunk_TA_f5_bigip_main.log"

2016-01-22 07:33:31,055 ERROR pid=23801 tid=Thread-17 file=F5_iControl_Template.py:_fetch:92 | Fail to set active folder as partition "/Common" for Template "call LocalLB.VirtualAddressV2.get_list against LocalLB.VirtualAddressV2.get_address;get_connection_limit;get_enabled_state;get_object_status;get_status_dependency_scope;get_traffic_group interval 60" on F5 BIGIP "http://10.x.x.x"
0 Karma

rajbir1
Explorer

Are you using FIPS crypto modules on the server where the modular inputs are running?

0 Karma

splunker12er
Motivator

Modular inputs are running on Splunk Enterprise 6.3.2. This server is a new VM, and I referred to the page

https://answers.splunk.com/answers/10588/does-splunk-support-fips-140-2.html

My server is running with default configs & modules.

0 Karma

rajbir1
Explorer

I was getting the same error because we had FIPS enabled on the server. After disabling FIPS and rebooting the box, the issue was fixed.

Check your /etc/grub.conf and make sure the fips attribute is set to 0.

0 Karma
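
A read-only check for the FIPS setting discussed in the answer above, as an added example that is not part of the original thread: it reads the running kernel's `/proc/sys/crypto/fips_enabled` and extracts `fips=` from a kernel command line or from the `kernel` lines of a GRUB legacy config such as /etc/grub.conf. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): inspect FIPS mode without changing it.

# Print the value of fips= found in a kernel command-line string,
# or "unset" when the parameter is absent. If the parameter appears
# more than once, this function reports the last occurrence.
# Runs in a subshell so "set -f" (no globbing) does not leak out.
fips_param() (
    set -f
    val="unset"
    for tok in $1; do
        case "$tok" in
            fips=*) val="${tok#fips=}" ;;
        esac
    done
    printf '%s\n' "$val"
)

# List the fips= value for every "kernel" line of a GRUB legacy config.
# Usage: fips_in_grub_conf /etc/grub.conf
fips_in_grub_conf() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 1
    fi
    grep -E '^[[:space:]]*kernel[[:space:]]' "$1" | while IFS= read -r line; do
        printf 'fips=%s  <- %s\n' "$(fips_param "$line")" "$line"
    done
}

# What the running kernel reports: 1 = FIPS mode on, 0 = off.
fips_runtime() {
    if [ -r /proc/sys/crypto/fips_enabled ]; then
        cat /proc/sys/crypto/fips_enabled
    else
        echo "unknown"
    fi
}

# Report for the current host (run this on the server hosting the modular inputs).
echo "runtime fips_enabled: $(fips_runtime)"
if [ -r /proc/cmdline ]; then
    echo "boot cmdline fips=$(fips_param "$(cat /proc/cmdline)")"
fi
```

The boot configuration and the runtime value can differ until the next reboot, so compare both before concluding which mode the add-on is actually running under.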

jcoates_splunk
Splunk Employee

Are you on the most recent version? Early versions assumed a single partition and IIRC there was an error like that.

0 Karma

splunker12er
Motivator

Yes, I am using the latest Splunk & add-on for F5 BIG-IP.

0 Karma