The System Tagger for ePO add-on doesn't attempt any verification when you are trying to save, so even if you had bad credentials, put words in place of a port, etc. it would not cause this to fail. I think you are running into a more fundamental issue with the application and permissions, or some issue with the Splunk server.
You might want think about:
The add-on was built and tested with Splunk Enterprise version 6.5, full license. I believe it should work with any Splunk version that supports custom alert actions (6.3+), but it's possible there's an issue with 6.3 or 6.4 and add-on. What Splunk version are you using?
If you are using 6.3 or greater, are you running a full Splunk Enterprise license? Splunk free, e.g., does not support alerts at all, and hence would not work with this app (and could possibly throw an error like this?). I have not tested it against the old dev license nor against the new dev/test license.
Is the add-on disabled?
Is your Splunk user account an admin on the server?
What permissions are set on the add-on itself?
Does something about the user role capabilities and app permissions tell you anything insightful? On my system, I am running as admin, the add-on is set to work globally ("all apps" for the scope), admin has write, everyone has read.
Are you attempting to do this on a Search Head Cluster? If so, did you deploy it correctly, i.e. via the Deployer, or did you just install it from a file or from Splunkbase directly in the app?
These are just a few thoughts off the top of my head. Let me know how it goes. Thanks!
-Andrew
... View more