All Apps and Add-ons

Problem Replicating Bundle when Enabling MS Graph Security API Add-On for Splunk

New Member

Hi Community team, I have an issue whenever I enable the this add-on on my Search Head with this below error,

Problem replicating config (bundle) to search peer ' X.X.X.X:8089 ', Upload bundle="E:\Splunk\var\run\SPL-SH2-1630562214.bundle" to peer name=SPL-Ind3 uri=https://X.X.X.X:8089 failed; http_status=400 http_description="Failed to untar the bundle="E:\Splunk\var\run\searchpeers\SPL-SH2-1630562214.bundle". This could be due Search Head attempting to upload the same bundle again after a timeout. Check for sendRcvTimeout message in splund.log, consider increasing it.".

Health Check: One or more apps ("TA-microsoft-graph-security-add-on-for-splunk") that had previously been imported are not exporting configurations globally to system. Configuration objects not exported to system will be unavailable in Enterprise Security.

Note: we had increased sendRcvTimeout in distsearch.conf at both SH to 900 as per our requirement need.

We are using Splunk Enterprise 8.0.5 on premise with 2 SH (1 with ES), 3 IDX, 1 Deployment/MC, 1 LM, 1 HF

Anyone ever experiencing this issue or successfully installed and use the add-on in your environment?.. Appreciate the feedback, thanks


Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...