All Apps and Add-ons

Splunk Add-on Builder Proxy Errors- Alert action works perfectly except when I enable proxy

jmartin_pro
Engager

Hello All,

This is my first time posting to Splunk Community. I've found a lot of value here and hope you all are doing well.

I have an add-on built with the Splunk Add-on Builder (I believe version 4.1.0) that contains an alert action that packages up search results and sends them to a HEC input. I am utilizing George Starcher's Python class for sending events to HEC inputs (https://github.com/georgestarcher/Splunk-Class-httpevent). The alert action works perfectly except when I enable the proxy - then I am hit with the error message:

 

 

Traceback (most recent call last):
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/splunk_http_event_collector.py", line 287, in _batchThread
    response = self.requests_retry_session().post(self.server_uri, data=payload, headers=headers, verify=self.SSL_verify,proxies=proxies)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 635, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/adapters.py", line 499, in send
    timeout=timeout,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 696, in urlopen
    self._prepare_proxy(conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 964, in _prepare_proxy
    conn.connect()
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 359, in connect
    conn = self._connect_tls_proxy(hostname, conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 506, in _connect_tls_proxy
    ssl_context=ssl_context,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/opt/splunk/lib/python3.7/ssl.py", line 827, in _create
    raise ValueError("check_hostname requires server_hostname")
ValueError: check_hostname requires server_hostname

 

 

 Has anyone come across similar behavior? I am trying a variety of different things but this has quickly gone over my head. Any help or direction would be greatly appreciated. Please let me know what information I can provide.

Thank you.

Labels (3)
0 Karma
1 Solution

jmartin_pro
Engager

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

View solution in original post

0 Karma

jmartin_pro
Engager

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...