Hi,
Running into this error trying to setup the Streaming API:
04-03-2020 11:37:21.473 +0000 INFO TcpOutputProc - Connected to idx=3.225.177.214:9997, pset=0, reuse=0.
04-03-2020 11:37:34.438 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': Traceback (most recent call last):
04-03-2020 11:37:34.438 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/bin/runScript.py", line 78, in <module>
04-03-2020 11:37:34.438 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': execfile(REAL_SCRIPT_NAME)
04-03-2020 11:37:34.438 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike_rh_falcon_host_accounts.py", line 136, in <module>
04-03-2020 11:37:34.438 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': admin.init(base.ResourceHandler(Servers), admin.CONTEXT_APP_AND_USER)
04-03-2020 11:37:34.438 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': hand.execute(info)
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 593, in execute
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': if self.requestedAction == ACTION_CREATE: self.handleCreate(confInfo)
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/base.py", line 253, in handleCreate
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': args = self.encode(self.callerArgs.data)
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/base.py", line 299, in encode
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': args = self.validate(args)
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/base.py", line 659, in validate
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': logLevel=logging.INFO)
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/error_ctl.py", line 150, in ctl
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': raise BaseException(err)
04-03-2020 11:37:34.439 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': BaseException: REST ERROR[1100]: Unsupported value in request arguments - Authorization Failed! Please verify API UUID and API Key of Streaming API - field=api_key
04-03-2020 11:37:34.450 +0000 ERROR AdminManagerExternal - External handler failed with code '1' and output: 'REST ERROR[1100]: Unsupported value in request arguments - Authorization Failed! Please verify API UUID and API Key of Streaming API - field=api_key'. See splunkd.log for stderr output.
04-03-2020 11:37:40.640 +0000 WARN TcpOutputProc - Cooked connection to ip=52.22.200.180:9997 timed out
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': Traceback (most recent call last):
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/bin/runScript.py", line 78, in <module>
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': execfile(REAL_SCRIPT_NAME)
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike_rh_falcon_host_accounts.py", line 136, in <module>
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': admin.init(base.ResourceHandler(Servers), admin.CONTEXT_APP_AND_USER)
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': hand.execute(info)
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 593, in execute
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': if self.requestedAction == ACTION_CREATE: self.handleCreate(confInfo)
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/base.py", line 253, in handleCreate
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': args = self.encode(self.callerArgs.data)
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/base.py", line 299, in encode
04-03-2020 11:37:51.207 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': args = self.validate(args)
04-03-2020 11:37:51.208 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/base.py", line 659, in validate
04-03-2020 11:37:51.208 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': logLevel=logging.INFO)
04-03-2020 11:37:51.208 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/TA-crowdstrike/bin/ta_crowdstrike/splunktaucclib/rest_handler/error_ctl.py", line 150, in ctl
04-03-2020 11:37:51.208 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': raise BaseException(err)
04-03-2020 11:37:51.208 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': BaseException: REST ERROR[1100]: Unsupported value in request arguments - Authorization Failed! Please verify Username and Password of Query API - field=api_key
04-03-2020 11:37:51.219 +0000 ERROR AdminManagerExternal - External handler failed with code '1' and output: 'REST ERROR[1100]: Unsupported value in request arguments - Authorization Failed! Please verify Username and Password of Query API - field=api_key'. See splunkd.log for stderr output.
Any ideas would be welcome.
Cheers
W
... View more