Getting Data In

Splunk add on for Solarwinds Issues

IndyJones1345
Loves-to-Learn

Hi all,

Hope you can assist. 

I am having issues with connecting to my SolarWinds  App server via the Splunk add on. I have tested my connection via Curl from my heavy forwarder, and I can get it to connect, and pull back the query .

 

 

curl -k -v -u MyUserName https://mysolarwindsserver.local:17778/Solarwinds/InformationService/V3/JSOn/Query?query=SELECT+IPAddress+FROM+Orion.Nodes

 

 

 

The issue is, if I take take the -k out, I get this error "curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above" See below. 

Has any one seen this issue before? I have read over loads via this community, and can't seem to locate the fix. Also, when I log in to the HF and look at the Splunk Add-on for SolarWinds under the account tab it is says "loading" 

 

 

Enter host password for user 'MyUserName':
*   Trying x.x.x.x....
* TCP_NODELAY set
* Connected to mysolarwindsserver.local (x.x.x.x) port 17778 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

 

 

Thanks

 

 

Labels (1)
0 Karma

codebuilder
Influencer

It's failing because you are using a self-signed cert on your Solarwinds server.
Passing the -k flag tells curl to trust all connections, regardless of the cert. That's why the connection works using the example your provided, but not with the add-on.

You can either get a cert signed by a certificate authority or configure your server to accept insecure (http) connections (not advised).

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...