Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Why is Splunk slow when using radius authenticatio...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is Splunk slow when using radius authentication?
jonare
Engager
04-25-2022
02:59 AM
Hello
I have installed and setup RADIUS Authentication radius_auth 1.4.1, all autentiction is correct and radius user are comming up with the admin role.
The problem is that when searching a index splunk is taking a long time to fetch the data, when looking through logs I found the logs below in splunkd.log, these lines appear when running a search, alot of them. Only when using radius, not when using a local user. Seems like this is the reason for search being slow, but not sure what is going on. Can anyone help ?. Thnx
4-25-2022 11:45:24.154 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~55.19 milliseconds to execute. elapsed_msec=56
04-25-2022 11:45:24.204 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~49.04 milliseconds to execute. elapsed_msec=50
04-25-2022 11:45:24.248 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.72 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:24.293 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.53 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:24.342 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~49.53 milliseconds to execute. elapsed_msec=50
04-25-2022 11:45:24.397 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.63 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.453 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.95 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.496 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.16 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:24.558 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~61.56 milliseconds to execute. elapsed_msec=62
04-25-2022 11:45:24.609 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~50.98 milliseconds to execute. elapsed_msec=51
04-25-2022 11:45:24.652 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.98 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:24.704 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.82 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:24.756 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.36 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:24.798 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~42.03 milliseconds to execute. elapsed_msec=43
04-25-2022 11:45:24.851 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.72 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:24.898 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~47.39 milliseconds to execute. elapsed_msec=48
04-25-2022 11:45:24.954 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.91 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:24.996 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.97 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:25.041 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.70 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:25.085 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.48 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.135 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~50.13 milliseconds to execute. elapsed_msec=51
04-25-2022 11:45:25.183 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~47.50 milliseconds to execute. elapsed_msec=48
04-25-2022 11:45:25.237 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~54.03 milliseconds to execute. elapsed_msec=55
04-25-2022 11:45:25.290 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.35 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:25.334 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.71 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.388 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.50 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.439 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.03 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:25.490 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.24 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:25.534 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~42.78 milliseconds to execute. elapsed_msec=43
04-25-2022 11:45:25.587 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.18 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.641 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.47 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.686 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~44.53 milliseconds to execute. elapsed_msec=45
04-25-2022 11:45:25.729 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~43.21 milliseconds to execute. elapsed_msec=44
04-25-2022 11:45:25.775 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~45.34 milliseconds to execute. elapsed_msec=46
04-25-2022 11:45:25.829 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~53.74 milliseconds to execute. elapsed_msec=54
04-25-2022 11:45:25.882 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.27 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:25.924 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~41.69 milliseconds to execute. elapsed_msec=42
04-25-2022 11:45:25.976 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~52.32 milliseconds to execute. elapsed_msec=53
04-25-2022 11:45:26.032 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~55.64 milliseconds to execute. elapsed_msec=56
04-25-2022 11:45:26.084 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.54 milliseconds to execute. elapsed_msec=52
04-25-2022 11:45:26.136 +0200 INFO ScriptedAuthHelper [503966 TcpChannelThread] - Function=getUserInfo took ~51.70 milliseconds to execute. elapsed_msec=52
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
04-25-2022
05:32 AM
Did you set up Radius authentication on the indexers as well as the search heads? That's not necessary and will lead to slow searches. Only search heads need to authenticate.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jonare
Engager
05-03-2022
03:26 AM
Thanks for reply and sorry for late answer from me !
You reply makes sense to me, I used the radius app from LukeMurphey.net to achieve autentication via radius.
Can I ask, how to I assign the autentication on indexes and search heads with this ?
Thanks in advance
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
05-03-2022
05:59 AM
As I mentioned in my earlier reply, do not configure authentication on indexers. If you need to sign in to an indexer, use a local account.
After installing the Radius app on your search heads, use the setup page to configure it. The app's splunkbase page has details.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
