I deployed the above app on my indexer/SH server and would like to connect to the forwarders I have. I can see them in the app list, but when clicking on details / submitting a query I get the following error:
command="forwarderquery", Error : Traceback: '('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',))'. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-forwarderquery/bin/forwarderquery.py", line 155, in <module> pagehandle = requests.get(url, auth=(USERNAME, PASSWORD) , verify=False, data=tmpdata) File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 55, in get return request('get', url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send r = adapter.send(request, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 378, in send raise ProxyError(e) ProxyError: ('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',))
I changed the passwords of the admin user on the forwarder as described in the app, but I am wondering how the indexer/SH would know it ... Also, on the indexer/SH server I have user named "admin2" not the admin.
as you see I am a bit lost. Could you perhaps help?