I have some daily scripts set up on an NFS file server that are supposed to pull reports from the splunk server (splunk 6.6.4 running on Windows 2012).
The NFS server recently changed and moved to a new virtual server. The old NFS server had selinux disabled and didn't have any attribute settings configured. The new server (centos 7) did have selinux enabled so I disabled selinux and manually removed all of the selinux attributes using setfattr -x, but that didn't seem to help.
The script being used to pull the reports is:
curl -u report:report1234 -k 'https://splunk:8089/services/pdfgen/render?input-dashboard=user_account_unlocked'
("user_account_unlocked"
is the name of the report it's trying to pull)
The full script includes a line appending the output to a file on the local NFS server -
I used just the above for the sake of troubleshooting. The script does generate a PDF file but you get a "file corrupted" error when trying to open it.
When running the line above I'm getting an xml response Unauthorized, which would seem to indicate a permissions issue.
The user that originally created all the scripts isn't here anymore but he is still the owner of all of the scripts. His accounts are still active in Active Directory though.
Any suggestions?
Figured it out - the user account that was referenced in the script was missing from splunk - when I re-added it the scripts seemed to work fine. It was kind of a "well, duh!" moment when the light bulb went off