Getting Data In
Highlighted

Venafi logs have stopped ingesting into Splunk

Engager

Venafi logs stopped ingesting into Splunk.

We have appropriate role created and capabilities(edit_tcp) also attached
when we tested with dev environment below errors appearing from Venafi end

"An error occurred while connecting to splunk-dev.XXXXX:8089.  Error: 401: Unauthorized
  Warning: Login failed  Details:    at Splunk.Client.Response.d__b.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at Splunk.Client.Response.d__4.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at Splunk.Client.Service.d__b.MoveNext()"

Below are the internal logs generated from Splunk side:

07-01-2019 14:43:45.929 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX  source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
7/1/19
2:39:31.621 PM  
07-01-2019 14:39:31.621 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
7/1/19
3:00:57.328 AM  
07-01-2019 03:00:57.328 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/30/19
3:02:55.905 AM  
06-30-2019 03:02:55.905 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX  source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/29/19
3:13:47.592 AM  
06-29-2019 03:13:47.592 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/28/19
9:56:27.005 AM  
06-28-2019 09:56:27.005 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

Note: Venafi application hosted in Windows server
please provide your insights ,TIA

0 Karma

Re: Venafi logs have stopped ingesting into Splunk

Esteemed Legend

The log could hardly be more clear. The user that is being used to access the logs ( venafi_input ) is no longer valid. Fix that user or create a new one and switch to using the new one.

0 Karma
Highlighted

Re: Venafi logs have stopped ingesting into Splunk

Engager

thanks Woodcock, i guess that works , let me try that

0 Karma