Splunk Enterprise

Why is Secure Gateway Status Not Connected?

token2
Path Finder

I had the Splunk Cloud Gateway installed before it was standard (Splunk 7.x) and working, with alerts and dashboards accessible from my phone. I believe a license update that stripped my account (new terms allow for only one account, so admin) broke it (stopped getting alerts). Since it's a home lab and not prod, I didn't dig into it.

Now that I am digging into it, the gateway dashboard is showing this:

token2_0-1627864538134.png

SPL:  index=_internal source=*cloud* ERROR AND NOT SUBSCRIPTION

Shows this:

token2_1-1627864586863.png

I can register my device, but it can't see any dashboards, it seems to time out.

There seems to be a vacuum on Google as to troubleshooting this, except talk of using proxies. I am not running a proxy.

What could the issue be?

0 Karma

token2
Path Finder

Additional info from one of the troubleshooting dashboards:

token2_0-1627865345258.png

0 Karma

joshiro
Communicator

We are having this same issue on Splunk Enterprise 8.2.6 on prem with Splunk Secure Gateway 2.7.4. According to the firewall rules, the connection on port 443 outbound to the host prod.spacebridge.spl.mobi is allowed.

When we run the following rest command:

| rest "services/ssg/test_websocket" request_type="{\"versionGetRequest\": {}}" request_mode=clientSingleRequest

We get this output:

auth_code_status = 200
completed_client_registration = 0
error = 'token_id'
server_registration_status = 400
splunk_server = server
wss_response = 0


The error traceback in _internal is:

2022-05-09 11:22:58,148 ERROR [rest_base] [__init__] [exception] [4772] Spacebridge error
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/util/helper.py", line 13, in extract_parameter
    result = obj[key]
KeyError: 'self_register'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/base_endpoint.py", line 53, in handle
    res = self.handle_request(request)
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/base_endpoint.py", line 86, in handle_request
    return self.post(request)
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/registration/saml_registration_handler.py", line 70, in post
    self_register = extract_parameter(request['query'], SELF_REGISTER_LABEL, QUERY_LABEL)
  File "/opt/splunk/etc/apps/splunk_secure_gateway/bin/spacebridgeapp/rest/util/helper.py", line 15, in extract_parameter
    raise Errors.SpacebridgeRestError('Error: Request requires %s parameter "%s"' % (source_name, key), 400)
spacebridgeapp.rest.util.errors.SpacebridgeRestError: Error: Request requires query parameter "self_register"


Did you manage to solve this issue?

0 Karma
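
The post above relies on a firewall rule allowing port 443 outbound to prod.spacebridge.spl.mobi; a rule on its own does not show whether name resolution, the TCP connection and a certificate-validated TLS handshake actually complete from the Splunk host. The following is an added example, not code from this thread or from Splunk: the function name `probe_tls_path` and its result fields are hypothetical, and it validates against the operating system trust store, which may differ from the one Splunk's bundled Python uses.

```python
import socket
import ssl

# Host and port as given in the post above.
SPACEBRIDGE_HOST = "prod.spacebridge.spl.mobi"
SPACEBRIDGE_PORT = 443


def probe_tls_path(host, port=443, timeout=5.0, context=None):
    """Report the last stage (dns, tcp, tls, done) a connection to host:port reached."""
    result = {"host": host, "port": port, "stage": "dns", "ok": False, "detail": ""}
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result["detail"] = f"name resolution failed: {exc}"
        return result

    result["stage"] = "tcp"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered (timeout) or unreachable
        result["detail"] = f"TCP connect failed: {exc}"
        return result

    result["stage"] = "tls"
    ctx = context or ssl.create_default_context()  # verifies chain and hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
            result.update(stage="done", ok=True, tls_version=tls.version(),
                          issuer=issuer,
                          detail="handshake and certificate validation succeeded")
    except (ssl.SSLError, OSError) as exc:
        # A verification error here can indicate a TLS-inspecting device in the
        # path or a CA missing from the trust store.
        result["detail"] = f"TLS handshake failed: {exc}"
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    for key, value in probe_tls_path(SPACEBRIDGE_HOST, SPACEBRIDGE_PORT).items():
        print(f"{key}: {value}")
```

Run it on the Splunk server itself so the result reflects the same network path the gateway uses; the `stage` field shows where the connection stopped.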

token2
Path Finder

token2_0-1627888284854.png

I can delete devices, I can somewhat register a device (error at the end of the process telling me to contact the admin).

token2_1-1627888351169.png

Thankfully production doesn't use this, but it seems shaky for a built-in app.

0 Karma

token2
Path Finder

I had to revert my VM from a snapshot back to Splunk 8.0.1 using Splunk Cloud Gateway instead of Secure Gateway. It now works, I can register my device and check dashboards.

0 Karma

glenp42
Observer

Did you ever get this resolved using SSG? 

I'm having the **exact** same issue with 8.2.x docker in my LAB setup.

0 Karma

token2
Path Finder

Never fixed it, I just restored to an older version of Splunk 7 and am forgoing the update to 8.

0 Karma