Splunk Enterprise

Unable to update app using GUI

New Member

Hi all, when I try to update any installed apps from the GUI I receive a 500 internal error.

Checking the _internal logs I see this:
  File "/opt/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 655, in simpleRequest
    raise splunk.ResourceNotFound(uri)
splunk.ResourceNotFound: [HTTP 404]

I am on 9.0.3. I don't have a proxy setup. And all my file permissions are fine.
Hope someone can help on this one.


0 Karma

Splunk Employee


I will be posting this reply to the posts that I can find. I know it's a late reply to some, but I hope this will help you all and anyone having similar issues in the future.

The issue I will be discussing here is when Splunk update does NOT update from Splunk Web, and when you search for the error you find something similar to this:
splunk.ResourceNotFound: [HTTP 404]

Explanation of how it really works:

When you try to update the app, Splunk Web makes a call to itself on port 8089 for SplunkD at /services/apps/remote/entriesbyid/<your_app> e.g. ->

which you can check yourself by simple CURL:

curl -k --user "admin:changeme"


This call is getting proxied via the SplunkD process to the internet, which would end up calling https://splunkbase.splunk.com/api/apps/entriesbyid/<your_app>

which you can check yourself by simple CURL:

curl -k https://splunkbase.splunk.com/api/apps/entriesbyid/Splunk_TA_windows


Now the issues here can be numerous from here on. To give some examples:

  1. Splunk has issues accessing the internet from the SplunkD process.
  2. The certificate chain was changed. By default it is configured in server.conf:
    sslVerifyServerCert = false
  3. A proxy and/or firewall in the middle which is changing certificates.

One of the ways you can check for networking issues is to do a tcpdump packet capture and check the SSL conversation:
tcpdump -i <interface> -s 65535 port 443 -w /tmp/port443.pcap

That's for people who are familiar with what a packet capture looks like and can understand its contents.

Dmitrii T.
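
The three failure classes listed in the answer above can be told apart without reading a packet capture. The following is an added example, not part of the original post and not Splunk's own code: it connects to splunkbase.splunk.com with certificate verification enabled and reports which class the outcome falls into, plus the issuer of the certificate presented. Assumptions: it uses the trust store and network path of whichever user runs it (not splunkd's own settings), it makes a direct connection with no proxy, the function names are hypothetical, and SAMPLE_CERT is constructed.

```python
import socket
import ssl

HOST = "splunkbase.splunk.com"  # host from the post; everything else here is assumed

# Constructed getpeercert() result, shaped like what a re-signing proxy would present.
SAMPLE_CERT = {"issuer": ((("organizationName", "Example Corp"),),
                          (("commonName", "Example Inspection CA"),))}


def classify(exc):
    """Map a probe outcome onto the failure classes listed in the post."""
    if exc is None:
        return "ok: reachable, chain accepted by this host's trust store"
    # Order matters: SSLCertVerificationError < SSLError < OSError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "cert: chain not trusted (changed chain or intercepting proxy/firewall)"
    if isinstance(exc, ssl.SSLError):
        return "tls: handshake failed before the chain could be validated"
    if isinstance(exc, OSError):  # DNS failure, refused, timeout, no route
        return "network: this host cannot reach the endpoint"
    return "unknown: " + repr(exc)


def issuer_fields(cert):
    """Flatten getpeercert()['issuer'] into a plain dict of RDN name -> value."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def probe(host=HOST, port=443, timeout=10):
    """Connect with verification ON; return (verdict, issuer of the leaf certificate)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(None), issuer_fields(tls.getpeercert())
    except OSError as exc:
        return classify(exc), {}


if __name__ == "__main__":
    verdict, issuer = probe()
    print(verdict)
    print("issuer:", issuer or "(no certificate validated)")
    print("constructed proxy sample:", issuer_fields(SAMPLE_CERT))
```

An "ok" verdict whose issuer is your own organisation's CA rather than a public one still points to item 3: the certificate was replaced in transit by something this host trusts.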