Splunk Enterprise

Secure Gateway Status Not Connected

token2
Path Finder

I had the Splunk Cloud Gateway installed before it was standard (Splunk 7.x) and working, with alerts and dashboards accessible from my phone.  I believe during a license update that stripped my account (new terms allows for only one account, so admin) broke it (stopped getting alerts).  Since its a home lab and not prod I didn't dig into it.

Now that I am digging into it, the gateway dashboard is showing this:

token2_0-1627864538134.png

 

SPL:  index=_internal source=*cloud* ERROR AND NOT SUBSCRIPTION

Shows this:

token2_1-1627864586863.png

I can register my device, but it can't see any dashboards, it seems to time out.

There seems to be a vacuum in google as to troubleshooting this except talk of using proxies.  I am not running a proxy.

What could the issue be?

Labels (1)
0 Karma

token2
Path Finder

Additional info from one of the troubleshooting dashboards:

token2_0-1627865345258.png

 

 

0 Karma

token2
Path Finder

token2_0-1627888284854.png

 

I can delete devices, I can somewhat register a device (error at the end of the process telling me to contact the admin).

token2_1-1627888351169.png

 

Thankfully production doesn't use this, but seems shaky for a built in app.

0 Karma

token2
Path Finder

I had to revert my VM from a snapshot back to Splunk 8.0.1 using Splunk Cloud Gateway instead of Secure Gateway.  It now works, I can register my device and check dashboards.

 

0 Karma

glenp42
Observer

Did you ever get this resolved using SSG? 

I'm having the **exact** same issue with 8.2.x docker in my LAB setup.

0 Karma

token2
Path Finder

Never fixed it, I just restored to an older version of Splunk 7 and forgoing the update to 8.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!