Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Venafi logs have stopped ingesting into Splunk

splunker545
Engager
‎07-01-2019 12:48 PM

Venafi logs stopped ingesting into Splunk.

We have appropriate role created and capabilities(edit_tcp) also attached
when we tested with dev environment below errors appearing from Venafi end 

"An error occurred while connecting to splunk-dev.XXXXX:8089.  Error: 401: Unauthorized
  Warning: Login failed  Details:    at Splunk.Client.Response.d__b.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at Splunk.Client.Response.d__4.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at Splunk.Client.Service.d__b.MoveNext()"

Below are the internal logs generated from Splunk side:

07-01-2019 14:43:45.929 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX  source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
7/1/19
2:39:31.621 PM  
07-01-2019 14:39:31.621 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
7/1/19
3:00:57.328 AM  
07-01-2019 03:00:57.328 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/30/19
3:02:55.905 AM  
06-30-2019 03:02:55.905 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX  source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/29/19
3:13:47.592 AM  
06-29-2019 03:13:47.592 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
6/28/19
9:56:27.005 AM  
06-28-2019 09:56:27.005 -0400 ERROR UserManagerPro - LDAP Login failed, could not find a valid user="venafi_input" on any configured servers
host =  XXXXX source =  /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd

Note: Venafi application hosted in Windows server
please provide your insights ,TIA

0 Karma
Reply

woodcock
Esteemed Legend
‎07-01-2019 03:10 PM

The log could hardly be more clear. The user that is being used to access the logs ( venafi_input ) is no longer valid. Fix that user or create a new one and switch to using the new one.

0 Karma
Reply

splunker545
Engager
‎07-02-2019 01:00 PM

thanks Woodcock, i guess that works , let me try that

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...