Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to connect to splunk rest apis via java sdk on AWS lambda

roshankande
Loves-to-Learn
‎04-28-2021 11:39 AM

Hi community,

 

Our organisation has a splunk enterprise deployment to which I am trying to connect programatically via splunk-java-sdk.

I have tested the below code on my local machine using SAM-cli (jetbrains AWS toolkit).

The code works fine after setting : 

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

 This is why I am certain that the credentials, host and port that I am using are the correct splunk rest credentials,host and port

However, when I deploy the same code as an AWS lambda function, it returns the below mentioned Exception.
The lambda function has a role with administrator privileges. Please help.

Code:

package helloworld;

import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ListObjectsV2Result;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.S3ObjectSummary;
import com.splunk.*;

import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent;
import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent;

/**
 * Handler for requests to Lambda function.
 */
public class App implements RequestHandler<APIGatewayProxyRequestEvent, APIGatewayProxyResponseEvent> {

    public APIGatewayProxyResponseEvent handleRequest(final APIGatewayProxyRequestEvent input, final Context context) {
        Map<String, String> headers = new HashMap<>();
        headers.put("Content-Type", "application/json");
        headers.put("X-Custom-Header", "application/json");

        APIGatewayProxyResponseEvent response = new APIGatewayProxyResponseEvent()
                .withHeaders(headers);
        try {
            HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
            ServiceArgs loginArgs = new ServiceArgs();
            loginArgs.setUsername("username");
            loginArgs.setPassword("password");
            loginArgs.setHost("host");
            loginArgs.setPort(port);
            //loginArgs.setSSLSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
            //Service.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2); //tried both these ways too


            Service service = Service.connect(loginArgs);
            service.login();

            String mySearch = "search query";
            JobArgs jobargs = new JobArgs();
            jobargs.setExecutionMode(JobArgs.ExecutionMode.NORMAL);
            jobargs.setEarliestTime("-30m");
            jobargs.setLatestTime("now");
            Job job = service.getJobs().create(mySearch, jobargs);

            // Wait for the job to finish
            while (!job.isDone()) {
                Thread.sleep(500);
            }

            JobResultsArgs resultsArgs = new JobResultsArgs();
            resultsArgs.setOutputMode(JobResultsArgs.OutputMode.CSV);

            InputStream results = job.getResults(resultsArgs);

            final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(<region>).build();
            s3.putObject("bucket", "Object", results, new ObjectMetadata());

            return response
                    .withStatusCode(200)
                    .withBody("");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
   
}

 

My pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>helloworld</groupId>
    <artifactId>HelloWorld</artifactId>
    <version>1.0</version>
    <packaging>jar</packaging>
    <name>A sample Hello World created for SAM CLI.</name>
    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>
    <dependencies>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-lambda-java-core</artifactId>
            <version>1.2.1</version>
        </dependency>
        <dependency>
          <groupId>com.amazonaws</groupId>
          <artifactId>aws-lambda-java-events</artifactId>
          <version>3.6.0</version>
        </dependency>
        <dependency>
          <groupId>junit</groupId>
          <artifactId>junit</artifactId>
          <version>4.13.1</version>
          <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.splunk</groupId>
            <artifactId>splunk</artifactId>
            <version>1.6.5.0</version>
        </dependency>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-s3</artifactId>
            <version>1.11.837</version>
        </dependency>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-sts</artifactId>
            <version>1.11.837</version>
        </dependency>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-iam</artifactId>
            <version>1.11.837</version>
        </dependency>
    </dependencies>
    <repositories>
        <repository>
            <id>splunk-artifactory</id>
            <name>Splunk Releases</name>
            <url>https://splunk.jfrog.io/splunk/ext-releases-local</url>
        </repository>
    </repositories>
    <build>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-shade-plugin</artifactId>
          <version>3.2.4</version>
          <configuration>
          </configuration>
          <executions>
            <execution>
              <phase>package</phase>
              <goals>
                <goal>shade</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
      </plugins>
    </build>
</project>

 

Exception:

 

java.lang.RuntimeException: Connection timed out (Connection timed out)
at com.splunk.HttpService.send(HttpService.java:409)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at helloworld.App.handleRequest(App.java:46)
at helloworld.App.handleRequest(App.java:27)
at lambdainternal.EventHandlerLoader$PojoHandlerAsStreamHandler.handleRequest(EventHandlerLoader.java:180)
at lambdainternal.EventHandlerLoader$2.call(EventHandlerLoader.java:902)
at lambdainternal.AWSLambda.startRuntime(AWSLambda.java:340)
at lambdainternal.AWSLambda.<clinit>(AWSLambda.java:63)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at lambdainternal.LambdaRTEntry.main(LambdaRTEntry.java:150)
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at com.splunk.HttpService.send(HttpService.java:403) (edited) 

 

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...

Splunk Answers Content Calendar, June Edition II

Get ready to dive into Splunk Dashboard panels this week! We'll be tackling common questions around ...

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Top