All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Problem Replicating Bundle when Enabling MS Graph Security API Add-On for Splunk

flunardi
New Member
‎09-23-2021 07:36 PM

Hi Community team, I have an issue whenever I enable the this add-on on my Search Head with this below error,

Problem replicating config (bundle) to search peer ' X.X.X.X:8089 ', Upload bundle="E:\Splunk\var\run\SPL-SH2-1630562214.bundle" to peer name=SPL-Ind3 uri=https://X.X.X.X:8089 failed; http_status=400 http_description="Failed to untar the bundle="E:\Splunk\var\run\searchpeers\SPL-SH2-1630562214.bundle". This could be due Search Head attempting to upload the same bundle again after a timeout. Check for sendRcvTimeout message in splund.log, consider increasing it.".

Health Check: One or more apps ("TA-microsoft-graph-security-add-on-for-splunk") that had previously been imported are not exporting configurations globally to system. Configuration objects not exported to system will be unavailable in Enterprise Security.

Note: we had increased sendRcvTimeout in distsearch.conf at both SH to 900 as per our requirement need.

We are using Splunk Enterprise 8.0.5 on premise with 2 SH (1 with ES), 3 IDX, 1 Deployment/MC, 1 LM, 1 HF

Anyone ever experiencing this issue or successfully installed and use the add-on in your environment?.. Appreciate the feedback, thanks

 

Labels (1)
Labels
Tags (2)
0 Karma
Reply

Mo
Observer
‎09-21-2022 10:34 PM

Hope you found the answer in another thread. I just came across the same issue and found this solution.

Seems to be the standard .meta in most apps I use together with ES.

https://community.splunk.com/t5/Splunk-Search/Why-do-we-have-the-not-exporting-configurations-global...

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...