Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Connection to <stack>.splunkcloud.com timed out

cipher
Explorer
2 weeks ago

Hi all,
I’ve been using the Splunk API to fetch alert data via /search/jobs/{sid}/results. For authentication, I’m using a Splunk token. When I run my script to retrieve the data, I encounter the following error. However, if I rerun the code a few times, I’m eventually able to fetch the data successfully.

I’m confident this is not related to any firewall restrictions. Could someone please help me understand how to resolve this issue?

ERROR:app.services.splunk_connector:HTTPSConnectionPool(host='<stack>.splunkcloud.com', port=8089): Max retries exceeded with url: /services/search/jobs/{sid}/results?output_mode=csv&count=0&output_results_fields=%2A (Caused by ConnectTimeoutError(<HTTPSConnection(host='<stack>.splunkcloud.com', port=8089) at 0x20189cf1310>, 'Connection to <stack>.splunkcloud.com timed out. (connect timeout=None)'))

 

Labels (1)
Labels
Tags (2)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
2 weeks ago
Have you tried to use curl with -v to get more information? And as @livehybrid said ensure that your nodes where you are running this script are using known IP.
Are you using proxy or other screening infra between you and SCP?
Is this gone broken or hasn’t worked ever?
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
2 weeks ago

Hi @cipher 

Its interesting that it works sometimes - I have seen this before when a customer hadnt allowed all the relevant IPs in the Search head IP allowlist (https://yourStack.splunkcloud.com/en-US/manager/search/manage_system_config/ip_allow_list)

Often organisations have an outbound proxy and/or pool of NAT IP addresses for outbound connections which means that each request could appear from a different IP address.  Are you able to confirm that all your organisation egress IPs are allowlisted against the Search Head API allow list? 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

cipher
Explorer
2 weeks ago

Hi @livehybrid , I’ve confirmed with my team that all egress IPs are allow‑listed against the Search Head API.

This setup was working fine earlier, but recently, when I attempted to run some automation, the issue appeared.

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
2 weeks ago

Hi @cipher 

i am not much sure of this issue, but i thought to suggest you...
for SplunkCloud, you could raise a Support ticket and you should receive good support from Splunk Support team. thanks. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...