Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Why is Splunk slow when using radius authenticatio...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is Splunk slow when using radius authentication?
jonare
Engager
04-25-2022
02:59 AM
Hello
I have installed and setup RADIUS Authentication radius_auth 1.4.1, all autentiction is correct and radius user are comming up with the admin role.
The problem is that when searching a index splunk is taking a long time to fetch the data, when looking through logs I found the logs below in splunkd.log, these lines appear when running a search, alot of them. Only when using radius, not when using a local user. Seems like this is the reason for search being slow, but not sure what is going on. Can anyone help ?. Thnx
4-25-2022 11:45:24.154 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~55.19 milliseconds to execute. elapsed_msec=56
04-25-2022 11:45:24.204 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~49.04 milliseconds to execute. elapsed_msec=50
04-25-2022 11:45:24.248 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.72 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:24.293 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.53 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:24.342 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~49.53 milliseconds to execute. elapsed_msec=50
04-25-2022 11:45:24.397 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.63 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.453 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.95 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.496 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.16 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:24.558 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~61.56 milliseconds to execute. elapsed_msec=62
04-25-2022 11:45:24.609 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~50.98 milliseconds to execute. elapsed_msec=51
04-25-2022 11:45:24.652 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.98 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:24.704 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.82 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:24.756 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.36 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:24.798 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~42.03 milliseconds to execute. elapsed_msec=43
04-25-2022 11:45:24.851 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.72 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:24.898 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~47.39 milliseconds to execute. elapsed_msec=48
04-25-2022 11:45:24.954 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.91 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.996 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.97 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:25.041 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.70 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:25.085 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.48 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.135 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~50.13 milliseconds to execute. elapsed_msec=51
04-25-2022 11:45:25.183 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~47.50 milliseconds to execute. elapsed_msec=48
04-25-2022 11:45:25.237 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.03 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:25.290 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.35 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:25.334 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.71 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.388 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.50 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.439 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.03 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:25.490 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.24 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:25.534 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~42.78 milliseconds to execute. elapsed_msec=43
04-25-2022 11:45:25.587 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.18 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.641 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.47 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.686 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.53 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:25.729 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.21 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.775 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~45.34 milliseconds to execute. elapsed_msec=46
04-25-2022 11:45:25.829 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.74 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.882 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.27 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:25.924 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.69 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:25.976 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.32 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:26.032 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~55.64 milliseconds to execute. elapsed_msec=56
04-25-2022 11:45:26.084 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.54 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:26.136 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.70 milliseconds to execute. elapsed_msec=52
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
04-25-2022
05:32 AM
Did you set up Radius authentication on the indexers as well as the search heads? That's not necessary and will lead to slow searches. Only search heads need to authenticate.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jonare
Engager
05-03-2022
03:26 AM
Thanks for reply and sorry for late answer from me !
You reply makes sense to me, I used the radius app from LukeMurphey.net to achieve autentication via radius.
Can I ask, how to I assign the autentication on indexes and search heads with this ?
Thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
05-03-2022
05:59 AM
As I mentioned in my earlier reply, do not configure authentication on indexers. If you need to sign in to an indexer, use a local account.
After installing the Radius app on your search heads, use the setup page to configure it. The app's splunkbase page has details.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
🚀 Your data just got a serious AI upgrade — are you ready?
Say hello to the Agentic Era with the ...
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
