×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
M4rv1m
Engager
Member since: ‎12-02-2024
‎04-17-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎12-02-2024
View All

Re: App Webtool - SLL error, certificate verify fa...

by in All Apps and Add-ons
‎04-16-2025 03:08 AM
1 Karma
‎04-16-2025 03:08 AM
1 Karma
Hi @livehybrid Thank you for your answer, but it didn't solve my problem unfortunately. I'm currently on a On-prem enviroment, and the workaround that i found was to put the verify parameter (this one directly in the curl.py) to false. line 99 r = requests.post(uri,data=payload,verify=False,cert=cert,headers=headers,timeout=timeout) Maybe not the best, but it's working. ... View more

App Webtool - SLL error, certificate verify failed

by in All Apps and Add-ons
‎04-10-2025 02:47 AM
‎04-10-2025 02:47 AM
Hello @jkat54! I'm having some trouble getting the app to work, and the ultimate goal is to be able to change the ownership of searches automatically (e.g. from a scheduled report). Here is the search: ``` get all info about the searches on the instance ``` | rest /services/saved/searches splunk_server=local ``` exclude every search where are from user “user” , are disabled and they come only from app search ``` | search eai:acl.owner!="user2 " disabled = 0 eai:acl.app = "search" | rename eai:acl.owner as owner, eai:acl.app as app, eai:acl.sharing AS sharing ```extract the management port and the search name already urlencoded ``` | rex field=id "^\S+(?<mngmport>\:\d+)\/servicesNS\/\S+\/saved\/searches\/(?<search_name>\S+)$" ``` buid the uri for the curl mngmport =: mngmport ``` | eval url = https:// + splunk_server + mngmport +"/servicesNS/"+ owner +"/"+ app +"/saved/searches/"+ search_name +"/acl" ``` future use, not yet implemented ``` | eval description = description + " - moved from " + owner ``` constructing data= {"owner":"user2","sharing":"global"} ``` | eval data = json_object("owner", "user2", "sharing", sharing) ``` debug & Co ``` | table splunk_server app owner title description disabled action.notable cron_schedule url data id sharing * ``` the curl, which isn't working/ i'm probably doing something wrong here ``` | curl urifield=url method="post" splunkauth="true" debug=true datafield=data | table curl*   I've tried to specify the cert in some way, but it seems that there are no args that I can pass for it. Since I can't find a solution to this (searching online I found a suggestion to bypass ssl inspection, but in my case I don't think I can solve it with that), I'm here to ask for help. I prefer to avoid using simple authentication (user:password). The error I get is from the curl_message field: HTTPSConnectionPool(host='host', port=8089): Max retries exceeded with url: /servicesNS/user1/search/saved/searches/dummy%20search/acl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1143)'))) curl_status: 408 Thanks in advance! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-17-2025 02:41 AM
Karma from
View All
Karma given to
View All