All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is Splunk UBA generating "ECONNREFUSED" error?

dlyubchenko
Engager
‎09-10-2019 10:15 AM

While troubleshooting an error with Splunk UBA that stated the Offline Models have not executed for 72 hours, and that the HR data retrieval time was timed out after 6000 ms, the "Learn More" button referenced the following error message below:

{"code":"ECONNREFUSED","errno":"ECONNREFUSED","syscall":"connect","address":"34.213.241.61","port":80,"message":"connect ECONNREFUSED 34.213.241.61:80","details":"Error from /uba/help/\nconnect ECONNREFUSED 34.213.241.61:80"}

From what I can tell the 34.213.241.61 address belongs to a Splunk DNS resolver, but I cannot find anywhere in the Splunk UBA configuration where this is referenced or why UBA is reaching out to this resolver. I am also not sure how this is associated to both of the errors I am having, and would like some advice as to where to go next with this as it feels like a red herring.

Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dlyubchenko
Engager
‎09-10-2019 11:50 AM

I ended up resolving this myself by doing the following:

sudo su - caspida
/opt/caspida/bin/Caspida stop-all
/opt/caspida/bin/Caspida start-all

I realize this was a work-around but it seemed that I had some stalled services, or resource over-utilization.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dlyubchenko
Engager
‎09-10-2019 11:50 AM

I ended up resolving this myself by doing the following:

sudo su - caspida
/opt/caspida/bin/Caspida stop-all
/opt/caspida/bin/Caspida start-all

I realize this was a work-around but it seemed that I had some stalled services, or resource over-utilization.

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...