Hello everyone,
My client wants to have access from the monitor console and HF to update certain apps and so on.
Each time they try to do a connection they get the message: Application close by the peer
02-13-2022 01:00:01.238 -0500 ERROR ApplicationUpdater [2040833 ApplicationUpdateThread] - Error checking for update, URL=https://apps.splunk.com/api/apps:resolve/checkforupgrade: Connection closed by peer
If I ran a curl from the server I got connection established:
So it's not a firewall issue.
Do I have to configure something at the splunk side?
Splunk Enterprise: 8.2.2 - over x86_64 x86_64 GNU/Linux
Thank you for your help.
I found the answer for this issue.
Splunk Splunkbase is not supported when Splunk is behind a proxy, even though the Proxy has the permissions set.
Kind Regards,
I found the answer for this issue.
Splunk Splunkbase is not supported when Splunk is behind a proxy, even though the Proxy has the permissions set.
Kind Regards,
Looks to be a known issue on Splunk v8.2.2 and I believe you can ignore it or apply the workaround provided below. Do you see any errors when you go to the manage apps configuration page? It usually tells you which TA/app has newer versions on Splunkbase.
2013-05-25 | SPL-68010 | The error thrown when your Splunk instance cannot connect to splunkbase/.../checkforupdate is not an ERROR, should be lowered to INFO. Workaround: Set server.conf [applicationsManager] allowInternetAccess = false |
https://docs.splunk.com/Documentation/Splunk/8.2.4/ReleaseNotes/KnownIssues
Hello m_pham,
Thank you so much for your answer.
But I don't get the point, the client wants to connect and I think with the parameter you are telling Splunk do not allow connections:
server.conf
[applicationsManager]
allowInternetAccess = false
The client wants to be able to see this:
But they are getting this error:
Thank you again.
Let me know if there is something that I am missing.
Kind Regards
Do you see any additional error logs in the Splunk logs? Are you able to search firewall logs to see if anything is getting blocked?
It seems to be some kind of connection issues from the looks of it. I'd get some help from the network team if they have one to pin down the issue. If you want to know what URLs are being queried in the "Browse for more apps" page, check the link below.
Check if there are any blocked messages for the dest IPs below:
nslookup apps.splunk.com
Server: <test>
Address: <test>#53
Non-authoritative answer:
Name: apps.splunk.com
Address: 52.35.142.155
Name: apps.splunk.com
Address: 54.202.124.249
Name: apps.splunk.com
Address: 52.43.137.128
Thank you @m_pham
Look what I found:
- When I run a this command from CLI curl https://splunkbase.splunk.com/api/v1/app/
I get the JSON that link displays:
That means we are able to reach the splunk API for updates from the server itself.
But from some reason from the Splunk UI we cannot reach the API.
Is there any probability that the certificate is causing the issue?
Because the only difference from Splunk UI and the direct CLI command is that I use the curl without certificate. I saw this message:
02-21-2022 21:22:56.473 -0500 WARN HttpListener [2917174 webui] - Socket error from X.X.X.X:32502 while idling: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Thank you again.