I am getting the following error when I am running a search through the Splunk Java SDK:
java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
I am using splunk-sdk-java-1.5.0 and ran the command:
java -jar dist/examples/search.jar "sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0" --output_mode=csv
I had the same issue with the Splunk Java SDK 1.5 and Java 8. Adding the following line before the connect() fixed it:
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
While trying to solve this issue I found all sorts of stuff about swapping java versions and performing custom builds of the SDK. This was the solution that worked for me. Thank you Greg!
Have a look at this thread.
https://answers.splunk.com/answers/209379/no-appropriate-protocol-protocol-is-disabled-or-ci.html
Hi shaskell,
Thanks, I went through it, but I am getting the following error now.
I am using SDK 1.5.0 and JRE7.
Do you know how to resolve it? I have changed https to http in .splunkrc file.
java.lang.RuntimeException: Connection reset
at com.splunk.HttpService.send(HttpService.java:427)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at com.splunk.examples.search.Program.run(Unknown Source)
at com.splunk.examples.search.Program.main(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:690)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:661)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at com.splunk.HttpService.send(HttpService.java:425)
... 7 more
You'll want to change the scheme back to https in your .splunkrc.
If you're using Oracle JDK, try commenting out the following line from your java.security file.
#jdk.tls.disabledAlgorithms=SSLv3
I'm running CentOS 7 and modifying this line from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/lib/security/java.security on the default OpenJDK install worked for me.
From:
jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768
To:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 768
The SDK uses SSLv3 by default which is disabled in the security settings.
Also, sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0
is not working though it did in Web.
For example:
(Not working)
java -jar dist/examples/search_oneshot.jar "sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0" --output_mode=json
(Working)
java -jar dist/examples/search_oneshot.jar "search * | tail 10" --output_mode=json
Is there any way to use sourcetype in CLI? I am getting Unknown search command 'sourcetype'. It worked in Splunk Web.
Update: By putting 'search' ahead of the command, it worked.
Actually, when I am using https and set enableSplunkdSSL = true, it did not work, but when I used http and set enableSplunkdSSL = false, it worked. I commented out the required line in java.security also.
I know it's not recommended but do you have any workaround?
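An added example, not part of the original thread or the SDK's own samples: it combines the two fixes reported above, selecting TLS 1.2 before connect() with the https scheme kept and java.security left unmodified, and prefixing the query with "search". The class name, the SPLUNK_HOST / SPLUNK_USER / SPLUNK_PASS environment variables and the management port 8089 are assumptions.

```java
import com.splunk.HttpService;
import com.splunk.SSLSecurityProtocol;
import com.splunk.Service;
import com.splunk.ServiceArgs;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.security.Security;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class Tls12OneshotSearch {  // hypothetical class name
    // Per the thread, a query that works in Splunk Web needs a leading "search" when sent via the SDK.
    static String normalizeQuery(String q) {
        String t = q.trim();
        return (t.startsWith("search ") || t.startsWith("|")) ? t : "search " + t;
    }

    public static void main(String[] argv) throws Exception {
        if (argv.length != 1) throw new IllegalArgumentException("usage: Tls12OneshotSearch <query>");

        // Report what this JVM permits, so a protocol mismatch is visible before the login attempt.
        System.err.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        System.err.println("supported protocols = " + Arrays.toString(supported));
        if (!Arrays.asList(supported).contains("TLSv1.2"))
            throw new IllegalStateException("this JVM does not support TLSv1.2");

        // Must run before connect(): the setting is static and applies to every HttpService.
        HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

        ServiceArgs login = new ServiceArgs();
        login.setScheme("https");                       // keep splunkd SSL on
        login.setHost(System.getenv("SPLUNK_HOST"));    // assumed environment variable
        login.setPort(8089);                            // assumed management port
        login.setUsername(System.getenv("SPLUNK_USER"));
        login.setPassword(System.getenv("SPLUNK_PASS"));
        Service service = Service.connect(login);

        Map<String, Object> args = new HashMap<String, Object>();
        args.put("output_mode", "json");
        try (InputStream in = service.oneshotSearch(normalizeQuery(argv[0]), args)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) System.out.write(buf, 0, n);
            System.out.flush();
        }
    }
}
```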