Hi,
I`m trying to make an API request from my local machine to our Splunk Cloud instance, without much success.
Checked the Firewall logs and I can`t see any blocked/denied traffic.
Using:
- curl 7.29.0
- nss-3.90
Error received:
* Host myDomain.splunkcloud.com:8089 was resolved.
* IPv6: (none)
* IPv4: xx.xx.xx.xxx
* Trying xx.xx.xx.xxx:8089...
* Connected to myDomain.splunkcloud.com (xx.xx.xx.xxx) port 8089
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* Recv failure: Connection was reset
* schannel: failed to receive handshake, SSL/TLS connection failed
* closing connection #0
curl: (35) Recv failure: Connection was reset
Depending on your environment you may need to add an environmental variable for a proxy server.
This allows apps to be "proxy aware" in cases where they are not.
You can test it out on windows using the setx command.
setx https_proxy <your proxy server ip>:443
setx http_proxy <your proxy server ip>:443
I know what your are thinking - "it is over port 8089" not "443" but try it out, it worked for me.
Hi @tomapatan
You mentioned that there are no blocks on your internal firewall - are there multiple egress IPs that your connection can connect out on? Are all possible egress IPs allow-listed in Splunk Cloud for Mgmt port / API access to the SHs?
If you havent already, you can configure the allow list via:
Splunk Web - https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Admin/ConfigureIPAllowList
ACS API - https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Config/ConfigureIPAllowList
ACS CLI - https://docs.splunk.com/Documentation/SplunkCloud/9.3.2408/Config/ACSCLI
Please let me know how you get on and consider accepting this answer or adding karma this answer if it has helped.
Regards
Will
Thanks Will,
I`ve already configured the allow list, although you made a valid point and there`s a high chance that I`ve not listed all possible IPs - something I need to look at.
I had another look at the firewall logs and found a field called vendor_action=server-rst - I would imagine this means the connection was reset by the server, although not entirely sure why.