All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting error "No credentials for IPS...were found!" resulting in no data received from new sensors added to the Splunk Add-on for Cisco IPS?

faol
Explorer
‎04-20-2015 09:57 AM

I have the Splunk Add-on for Cisco IPS installed and am receiving data from some Cisco IPS devices. I can add additional connections configured which is successful, but I do not receive any data from them. I see a number of the following error messages in sdee_get.log.

Mon Apr 13 16:35:50 2015 - No credentials for IPS xxx.xxx.xxx.xxx were found!

I have confirmed the credentials are entered correctly, and that they are properly created in the app.conf file. Why can't the Add-on get them?

Reply
1 Solution
Solved! Jump to solution
Solution

bpaul_splunk
Splunk Employee
Splunk Employee
‎04-20-2015 09:59 AM

Why don’t I receive data from new sensors added to the Splunk Add-on for Cisco IPS?

There is a limitation in the number of credentials the Splunk Add-on for Cisco IPS is able to retrieve.  This issue is being tracked on ADDON-3724 and SPL-99756.  Until the next release of the add-on, You may use the following work-around to resolve this.

1. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-ips/bin/ directory

2. Edit the get_ips_feed.py file

3. Line 55 should look like the following:

entities = entity.getEntities(['storage', 'passwords'],
namespace=APPNAME, owner='nobody', sessionKey=sessionKey)

4. Add count=’-1’ after the sessionKey entity so the line looks like the line below.

entities = entity.getEntities(['storage', 'passwords'],
namespace=APPNAME, owner='nobody', sessionKey=sessionKey, count='-1')

5. Save the file.

6. Restart Splunk

You should no longer receive the error messages in the sdee_get.log file, and your data should start getting indexed.

View solution in original post

Reply
Solved! Jump to solution
Solution

bpaul_splunk
Splunk Employee
Splunk Employee
‎04-20-2015 09:59 AM

Why don’t I receive data from new sensors added to the Splunk Add-on for Cisco IPS?

There is a limitation in the number of credentials the Splunk Add-on for Cisco IPS is able to retrieve.  This issue is being tracked on ADDON-3724 and SPL-99756.  Until the next release of the add-on, You may use the following work-around to resolve this.

1. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-ips/bin/ directory

2. Edit the get_ips_feed.py file

3. Line 55 should look like the following:

entities = entity.getEntities(['storage', 'passwords'],
namespace=APPNAME, owner='nobody', sessionKey=sessionKey)

4. Add count=’-1’ after the sessionKey entity so the line looks like the line below.

entities = entity.getEntities(['storage', 'passwords'],
namespace=APPNAME, owner='nobody', sessionKey=sessionKey, count='-1')

5. Save the file.

6. Restart Splunk

You should no longer receive the error messages in the sdee_get.log file, and your data should start getting indexed.

Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎04-20-2015 10:10 AM

Note, this applies to problems retrieiving credentials in Splunk Add-on for Cisco IPS 2.1.3 and below. As bpaul_splunk mentions, the next version will ship with this update.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...