HTTP 401 Error seen in splunk logs while connectin...

xplore1988 · ‎09-13-2019

Hello Experts,

Please see the details below:
Flow: Web Services partner interface (Client application) => invokes SAP Middleware URL => Webseal/TAM junction URL
SAP middleware URL starts with Webseal/TAM junction url followed by interface specific details. SAP Middleware uses LDAP for authentication
Intermittent calls are failing with 401 error even though same interface using same user ID / password combination is
working fine for majority of the calls.

When we check the splunk logs, we can see the error code for some calls like HTTP 401 but it does not show the user id which is sent from the web service partner interface (source) to SAP Middleware/Webseal. is there any way or query which can display or let us know what is the used id used in the request sent by the source to SAP. We have checked but did not see any such field which could tell about this.

And also the error simply says HTTP 401 unauthorized, it does not give any logs what caused that error to happen. Need to know what is going wrong here and how we can resolve this intermittent error. Please do the needful.

xplore1988 · ‎09-17-2019

Any pointers please?

HTTP 401 Error seen in splunk logs while connecting to SAP middleware application

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation