All Apps and Add-ons

Bug: App is not forwarding logs due to 404 on the final stage of configuration

SonofLiberty
Engager

Good afternoon.
We have installed latest version of CEF app. to our Splunk 6.5.2.

Plugin is enabled, field mapping is configured, network connection working fine, but logs are not being forwarded by the app at all.
The reason for this (as I see it) is that App fails at the last (finish and export) stage of configuration. When we press the "Export outputs" button, app is stuck on "Generating TA" step and it's not going forward leaving changes uncommitted.

We've tried to debug this using chrome dev. console and found that 404 is returned when pressing the button:

alt text

The exact link behind this 404 URL is:
https://splunk-instance/custom/splunk_app_cef/cef_utils/maketaforindexers

But, if you change the URL to include the language and locality, like:
https://splunk-instance/en-US/custom/splunk_app_cef/cef_utils/maketaforindexers

It works and the result is returned!

Digging into the source code of 2.0.1, this is what we've found. Look at the last line:

root@root MINGW64 /c/d/ddir/20171207/splunk_app_cef
$ find . -type f| xargs grep "maketa"
./appserver/controllers/cef_utils.py:    @route("/:maketaforindexers=maketaforindexers")
./appserver/controllers/cef_utils.py:    def maketaforindexers(self, **kwargs):
grep: ./appserver/static/js/lib/DataTables/images/Sorting: No such file or directory
grep: icons.psd: No such file or directory
./appserver/static/js/views/DownloadIndexerAppView.js:          var uri = Splunk.util.make_url("../../custom/splunk_app_cef/cef_utils/maketaforindexers");

Which means that if we make look like:

Splunk.util.make_url("../custom/splunk_app_cef/cef_utils/maketaforindexers");

It will probably work.

Can somebody confirm that this is a pure bug? What shall we do with it?

Thank you.

Tags (1)
0 Karma

LukeMurphey
Champion

That is definitely a bug. I tested and confirmed it and created a report for the team that owns it. I marked it for the next maintenance release of CEF. For reference, the ticket number is RTO-271.

Given your fix, it sounds like the app is working for you now. Let me know if that isn't the case and I can help get you unblocked.

Excellent debugging by the way.

SonofLiberty
Engager

Thank you for your quick answer and for creation of the bug ticket as well.

It's not fixed for us yet cause we don't have administrative privileges on our Splunk instance.
So we are eagerly waiting for devs of CEF app to push the fix.

0 Karma

LukeMurphey
Champion

Ok, good to know.

I implemented a fix earlier today. I'm not sure when the next maintenance release is supposed to go out but I'll ask around and see if I can get it moved up.

0 Karma

SonofLiberty
Engager

@LukeMurphey,

Thank you sir. Can you give me a direct link to a ticket/commit itself?
Wanna track the status too.

0 Karma

LukeMurphey
Champion

The ticket number is RTO-271. It is in our internal ticketing system though so the content isn't publicly available.

0 Karma

SonofLiberty
Engager

@LukeMurphey,

Is there anything we can do to fix it in our environment considering that we don't have an admin rights to Splunk instance? Like uploading the fixed file using GUI?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...