Hi,
Im trying implement aperture api with paloalto addon. Im using splunk Enterprise v7.
used official doc for implementation but it didnt help. tried with 2 different splunk server.
thanks.
2017-11-24 20:45:01,141 INFO pid=31594 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2017-11-24 20:45:04,110 INFO pid=31594 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2017-11-24 20:45:04,110 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | Checking if Proxy is enabled
2017-11-24 20:45:04,110 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | False
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | Current input type is set to:
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | friday
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=base_modinput.py:log_debug:286 | Start get_auth_token.
2017-11-24 20:45:04,111 DEBUG pid=31594 tid=MainThread file=retry.py:from_int:191 | Converted retries value: 3 -> Retry(total=3, connect=None, read=None, redirect=None)
2017-11-24 20:45:04,112 DEBUG pid=31594 tid=MainThread file=retry.py:from_int:191 | Converted retries value: 3 -> Retry(total=3, connect=None, read=None, redirect=None)
2017-11-24 20:45:04,117 DEBUG pid=31594 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): api.aperture.paloaltonetworks.com
2017-11-24 20:45:05,036 DEBUG pid=31594 tid=MainThread file=connectionpool.py:_make_request:400 | https://api.aperture.paloaltonetworks.com:443 "POST /oauth/token?scope=api_access&grant_type=client_credentials HTTP/1.1" 401 114
2017-11-24 20:45:05,038 ERROR pid=31594 tid=MainThread file=base_modinput.py:log_error:307 | ERROR: Invalid credentials.
2017-11-24 20:45:05,040 ERROR pid=31594 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/modinput_wrapper/base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/aperture.py", line 64, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/input_module_aperture.py", line 75, in collect_events
token = get_auth_token(helper, opt_global_account, proxy_enabled)
File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/input_module_aperture.py", line 58, in get_auth_token
raise ValueError(r_status)
ValueError: 401
... View more