All Apps and Add-ons

dashboards fail to load in mobile app

bablucho
Path Finder

Hi All,

i have installed the splunk cloudgateway app, configured proxy settings and have registered a device.

However i am unable to load any assigned dashboards. The mobile device displays 

'Oops, something went wrong'

mob log extracted:

[2020-12-02T14:06:52Z] [9475:] [ApplicationRequestManager] [error] CallingRequest SingleClientCallingRequest(A82153C3-AFB8-4AC4-AF2B-9118A15229B9)[parent: SingleClientRequest[requestID:A82153C3-AFB8-4AC4-AF2B-9118A15229B9 context:{SpacebridgeDashboardListCommand}]] failed with error: spacebridgeError(SpacebridgeProtobuf.Spacebridge_SpacebridgeMessage:

id: "9abdb705-9472-4f57-99b8-93e313550f12"

to: "`\232\262\205\311\317\256,\260L\323\001\330\330\vnR\247\361PEn\262\027\033\353\312\344L\221F\331"

replyToMessageId: "A82153C3-AFB8-4AC4-AF2B-9118A15229B9"

error {

  code: ERROR_MESSAGE_UNDELIVERABLE

}

)

 

dashboard status:

dash_status.PNG

Cloud app internal log:
log.PNG

appreciate any support/assistance

 

Many Thanks

Labels (2)
Tags (1)
0 Karma
1 Solution

nickhills
Ultra Champion

You would be requesting a bypass for the SSL inspection.

In other words, you would need a business case justification that the Splunk Cloud Gateway service should be allowed to pass through the proxy un-inspected.

The cloud Gateway docs say this:

  • If your proxy is running SSL decryption, it must support WebSockets or exempt prod.spacebridge.spl.mobi.

So the simplest approach is to exempt/bypass inspection for prod.spacebridge.spl.mobi (or make sure websockets are enabled)

https://docs.splunk.com/Documentation/Gateway/1.13.0/Registration/TroubleshootConnectionIssues

I am not sure that there is a documented approach for adding custom CA certificates - I would talk to Splunk Support for their recommendation on the best approach/if this is even possible - There are significant security controls built in to Spacebridge, adding additional CA certs into the trust chain could compromise this, so you maybe limited to the first option

 

If my comment helps, please give it a thumbs up!

View solution in original post

bablucho
Path Finder

thanks for the quick response!

 

yes, our proxy does SSL inspection

if i request a bypass, what exactly am i requesting to be bypassed?

also, any instructions on how to configure splunk to trust our proxy ca cert?

 

Thanks in advance 

bablucho_0-1606989370528.png

 

0 Karma

nickhills
Ultra Champion

You would be requesting a bypass for the SSL inspection.

In other words, you would need a business case justification that the Splunk Cloud Gateway service should be allowed to pass through the proxy un-inspected.

The cloud Gateway docs say this:

  • If your proxy is running SSL decryption, it must support WebSockets or exempt prod.spacebridge.spl.mobi.

So the simplest approach is to exempt/bypass inspection for prod.spacebridge.spl.mobi (or make sure websockets are enabled)

https://docs.splunk.com/Documentation/Gateway/1.13.0/Registration/TroubleshootConnectionIssues

I am not sure that there is a documented approach for adding custom CA certificates - I would talk to Splunk Support for their recommendation on the best approach/if this is even possible - There are significant security controls built in to Spacebridge, adding additional CA certs into the trust chain could compromise this, so you maybe limited to the first option

 

If my comment helps, please give it a thumbs up!

View solution in original post

bablucho
Path Finder

thanks for the quick response!

 

yes, our proxy does SSL inspection

if i request a bypass, what exactly am i requesting to be bypassed?

also, any instructions on how to configure splunk to trust our proxy ca cert?

 

Thanks in advance 🙂

0 Karma

nickhills
Ultra Champion

Is your proxy doing SSL inspection?

If so, this will break the certificate chain that SpaceBridge uses to communicate.

In environments I have worked on in the past we have requested a bypass for inspection (along with business case justification). 

This is the simplest route forwards, the alternative is to configure Splunk to trust your Proxies CA cert.

If my comment helps, please give it a thumbs up!
0 Karma

bablucho
Path Finder

following your advice i've managed to get on to a new proxy server that supports websockets. No need for SSL exemption.

At this point, the dashboard is looking alot healthier however the cloud gateway status is still displaying NOT CONNECTED

Examining the gw app internal logs there arent any errors but several debug messages stating:

2021-01-11 15:38:19,717 DEBUG [drone_mode_modular_input.app] [drone_mode_subscription_modular_input] [do_run] [105715] Drone mode modular input will not run as drone mode is not enabled

 

The mobile application dashboard still shows 'Oops, something went wrong'

 

any ideas? 

Thanks In advance

Tags (1)
0 Karma

bablucho
Path Finder

Just needed a server restart for the changes to take full effect... d'oh!

 

Status is now CONNECTED 🙂

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!