Monitoring Splunk

Splunk DB connect: The java bridge is: loading.... (+ page is reloaded in a endless loop)

psobisch
Path Finder

The dbquery commands seem to be working, but the status query of the java bridge doesn't work.
We found out, that there is a REST call:

/en-GB/custom/dbx/dbx/status?nocache=............

which fails with HTTP 401 error.
We've tried out the call manually by typing it directly into the browser, we've got:

401 Unauthorized
...
No permission -- see authorization schemes
...
You are logged ino splunk:8000 as userA which is conected ....

We found some ansers here and we've tried to follow all steps with reinstall of DBX from the scratch (after removing the dbx app) but we didn't have any success.
We went through the splunk installation and removed also all other files and directories which looked like they were a part of the app (persistantstorage and others) and did it again.
Nothing.

The problem appears just right after a clean installation after confirming that the installation is successful, then one will be forwarded to the status page and the page keeps reloading again and again.

I think the root cause seems to be the permission issue, but we cannot identify what that means.
Do you have any further ideas?

Thanks in advance!
Peter

0 Karma

psobisch
Path Finder

Splunk 6.1.2, db connect 1.1.4.

But we solve it now, see my last post. Thanks!

0 Karma

psobisch
Path Finder

Now we've solved this problem.

We have LDAP integrated authentification, it seems like that:

LDAP_User -> LDAP_SplunkAdminGroup -[group mapping]-> SplunkAdminRole

(the Splunk-group "SplunkAdminRole" inherits from Splunk-group "admin")

The "admin" Group inherits from "power", "user" and (!) "dbx_user" and has further manually selected capabilities. This way it works for any other capabilities except DB Connect 😕
It strange, because I can see that the capability "db_capable" is definitely there.

But, If I put "dbx_user" as Inheritance inside of Group-Mapping (that means: die LDAP group is mapped to "SplunkAdminGroup" AND "dbx_user"), then it works, so most probably we would create a new LDAP group for it and map it to "dbx_user" and then grant the permissions in LDAP.

Now it looks like that:

LDAP_User -> LDAP_SplunkAdminGroup -[group mapping]-> SplunkAdminRole,dbx_user

It is really weird behavior!
What I'm asking me is: is it a issue of splunk or DB connect app?

mkinsley_splunk
Splunk Employee
Splunk Employee

What version of DBX and Splunk are you using? As far as I know, role inheritance works just fine, but just to factor out any inheritance-related issues , can you test with dbx_user assigned directly to the user?

0 Karma

eqalisken
Explorer

It is caused when the dbx_user role is added to a role. Instead the dbx_user role should be added to a user.

0 Karma

psobisch
Path Finder

can you explain more?

Normally it doesn't matter if a role inherits from another role, this is a common use case.

0 Karma

vicvaughan
Explorer

I'm also interested. I believe I'm having a similar issue with dbx2.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...