Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Venafi logs have stopped ingesting into Splunk

splunker545
Engager
‎07-01-2019 12:48 PM

Venafi logs stopped ingesting into Splunk.

We have appropriate role created and capabilities(edit_tcp) also attached
when we tested with dev environment below errors appearing from Venafi end 

"An error occurred while connecting to splunk-dev.XXXXX:8089.  Error: 401: Unauthorized
  Warning: Login failed  Details:    at Splunk.Client.Response.d__b.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at Splunk.Client.Response.d__4.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at Splunk.Client.Service.d__b.MoveNext()"

Below are the internal logs generated from Splunk side:

07-01-2019 14:43:45.929 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX  source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
7/1/19
2:39:31.621 PM  
07-01-2019 14:39:31.621 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
7/1/19
3:00:57.328 AM  
07-01-2019 03:00:57.328 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/30/19
3:02:55.905 AM  
06-30-2019 03:02:55.905 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX  source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/29/19
3:13:47.592 AM  
06-29-2019 03:13:47.592 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/28/19
9:56:27.005 AM  
06-28-2019 09:56:27.005 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

Note: Venafi application hosted in Windows server
please provide your insights ,TIA

0 Karma
Reply

woodcock
Esteemed Legend
‎07-01-2019 03:10 PM

The log could hardly be more clear. The user that is being used to access the logs ( venafi_input ) is no longer valid. Fix that user or create a new one and switch to using the new one.

0 Karma
Reply

splunker545
Engager
‎07-02-2019 01:00 PM

thanks Woodcock, i guess that works , let me try that

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...