Deployment Architecture

ta-forwarderquery issues with connecting to the forwarder

damucka
Builder

Hello,

I deployed the above app on my indexer/SH server and would like to connect to the forwarders I have. I can see them in the app list, but when clicking on details / submitting a query I get the following error:

command="forwarderquery", Error : Traceback: '('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',))'. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-forwarderquery/bin/forwarderquery.py", line 155, in <module> pagehandle = requests.get(url, auth=(USERNAME, PASSWORD) , verify=False, data=tmpdata) File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 55, in get return request('get', url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send r = adapter.send(request, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 378, in send raise ProxyError(e) ProxyError: ('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',))

I changed the passwords of the admin user on the forwarder as described in the app, but I am wondering how the indexer/SH would know it ... Also, on the indexer/SH server I have user named "admin2" not the admin.
as you see I am a bit lost. Could you perhaps help?

Kind Regards,
Kamil

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...