All Apps and Add-ons
Highlighted

Why am I getting "An unexpected TLS packet was received" trying to install Splunk for Palo Alto Networks in Splunk Light 6.3.2 on Ubuntu 14.04.3 LTS?

New Member

Hello,

I'm trying to install the Splunk for Palo Alto Networks Addin/App for Splunk onto an instance of Splunk Light running on top of Ubuntu 14.04.3 LTS. The installation instructions indicate the package may be downloaded directly (which I have done) or installed from git.

I have attempted the git method, but I am getting an error as below:

fatal: unable to access 'https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks.git/': gnutls_handshake() failed: An unexpected TLS packet was received.

I'm not sure how to handle the direct download installation method. There doesn't appear to be instructions for this. I downloaded the .tgz and extracted to the /opt/splunk/etc/apps directory and restarted Splunk, but I don't see anything. Note that I am using Splunk Light and not Splunk Enterprise - I don't think the light version supports downloading apps from the apps homepage as is described in the documentation.

By the way, I am pretty inexperienced with Splunk so I apologize in advance if I omitted anything here.

Any help would be appreciated. Thank you.

0 Karma
Highlighted

Re: Why am I getting "An unexpected TLS packet was received" trying to install Splunk for Palo Alto Networks in Splunk Light 6.3.2 on Ubuntu 14.04.3 LTS?

New Member

Sorry I forgot to say Splunk is running as Splunk Light Version 6.3.2. We do have a license - it is not the free version.

0 Karma
Highlighted

Re: Why am I getting "An unexpected TLS packet was received" trying to install Splunk for Palo Alto Networks in Splunk Light 6.3.2 on Ubuntu 14.04.3 LTS?

Builder

Hi mjung,

The Palo Alto Networks App for Splunk is an App for Splunk Enterprise, not Splunk Light. Compatibility is indicated on the app's homepage: https://splunkbase.splunk.com/app/491

0 Karma
Highlighted

Re: Why am I getting "An unexpected TLS packet was received" trying to install Splunk for Palo Alto Networks in Splunk Light 6.3.2 on Ubuntu 14.04.3 LTS?

Splunk Employee
Splunk Employee

In general, packaged apps are not supported inside of Splunk Light - I think that this includes 3rd party apps that are prebuilt.
http://www.splunk.com/en_us/products/splunk-light/splunk-light-vs-splunk-enterprise.html

Also the error you're seeing is likely to do with git, not anything Splunk related. You might be able to use apt-get to install a version of git that supports openssl instead of gnutls, but that's an Ubuntu / git thing, not a Splunk thing.
http://askubuntu.com/questions/186847/error-gnutls-handshake-failed-when-connecting-to-https-servers

0 Karma