All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Error on creating a PubSub input from a service-account in the Google Cloud Platform Addon

dcgen17
Explorer
‎11-08-2024 01:09 AM

Hello, 

From my client I created a service-account in the Google Cloud Platform: 

{
  "type": "service_account",
  "project_id": "<MY SPLUNK PROJECT>",
  "private_key_id": "<MY PK ID>",
  "private_key": "-----BEGIN PRIVATE KEY-----\<MY PRIVATE KEY>\n-----END PRIVATE KEY-----\n",
  "client_email": "<splunk>@<splunk>-<blabla>,
  "client_id": "<MY CLIENT ID>",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/<MY-SPLUNK-URL>"
}

The service-account was recognized by the Addon so I imagined that the connection was established correctly. 

When later I created the first input to collect the logs (a PubSub), when I am searching for the "Projects" connected to this service-account (in the photo)

Foto2.jpg

it returns me the error "External handler failed with code '1' and output ''. see splunkd.log for stderr"

Actually the stderr in splunkd gives no useful information (just a generic error), so I am blocked at the moment.
I also downloaded the code from Google Cloud Platform Add-on but it is not an easy debugging process, I cannot find what is the actual query that the Addon performs when clicking on "Projects". 

Someone have some idea on this error? 

Thanks



Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dcgen17
Explorer
‎11-11-2024 01:14 AM

Hello @Meett 

In the splunkd I see a copy of the error "External handler failed with code '1' and output ''.  without any specific additional information. 

Luckily I solve the issue for this case:

It was not an Addon problem but a Google Cloud permission issue. In fact, I did not have the Viewer permission for the Projects to execute correctly the queries from Splunk. 

A very simple case, complicated by the fact that the Addon returns no details about the error.

Bye, thanks



View solution in original post

0 Karma
Reply
Solved! Jump to solution

Meett
Splunk Employee
Splunk Employee
‎11-10-2024 10:34 PM

Hey @dcgen17 What do you see in Splunkd Logs ? 

0 Karma
Reply
Solved! Jump to solution
Solution

dcgen17
Explorer
‎11-11-2024 01:14 AM

Hello @Meett 

In the splunkd I see a copy of the error "External handler failed with code '1' and output ''.  without any specific additional information. 

Luckily I solve the issue for this case:

It was not an Addon problem but a Google Cloud permission issue. In fact, I did not have the Viewer permission for the Projects to execute correctly the queries from Splunk. 

A very simple case, complicated by the fact that the Addon returns no details about the error.

Bye, thanks



0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...