Deployment Architecture

ta-forwarderquery issues with connecting to the forwarder



I deployed the above app on my indexer/SH server and would like to connect to the forwarders I have. I can see them in the app list, but when clicking on details / submitting a query I get the following error:

command="forwarderquery", Error : Traceback: '('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',))'. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-forwarderquery/bin/", line 155, in <module> pagehandle = requests.get(url, auth=(USERNAME, PASSWORD) , verify=False, data=tmpdata) File "/opt/splunk/lib/python2.7/site-packages/requests/", line 55, in get return request('get', url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/", line 44, in request return session.request(method=method, url=url, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/", line 456, in request resp = self.send(prep, **send_kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/", line 559, in send r = adapter.send(request, **kwargs) File "/opt/splunk/lib/python2.7/site-packages/requests/", line 378, in send raise ProxyError(e) ProxyError: ('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',))

I changed the passwords of the admin user on the forwarder as described in the app, but I am wondering how the indexer/SH would know it ... Also, on the indexer/SH server I have user named "admin2" not the admin.
as you see I am a bit lost. Could you perhaps help?

Kind Regards,

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...