Just followed the word doc instructions with Service Now App and enabled the user group fetch as as test and it fails. So does the user fetch too. Same error.
Any idea whats going on here?
ServiceNow instance is Dublin.
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" Traceback (most recent call last):
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" File "/opt/splunk/etc/apps/snow/bin/scripts/snow.py", line 249, in
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" sn.run()
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" File "/opt/splunk/etc/apps/snow/bin/scripts/snow.py", line 244, in run
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" self.retrieve()
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" File "/opt/splunk/etc/apps/snow/bin/scripts/snow.py", line 146, in retrieve
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" if child.tag not in self.snow_keys:
07-24-2014 11:40:37.874 -0700 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list" TypeError: argument of type 'NoneType' is not iterable
Running manually gets same results:
./bin/splunk cmd python /opt/splunk/etc/apps/snow/bin/scripts/snow.py sys_user_group_list
SNOW: Object=sys_user_group_list state=initiated offset=2000-01-01 00:00:00
Traceback (most recent call last):
File "/opt/splunk/etc/apps/snow/bin/scripts/snow.py", line 249, in
sn.run()
File "/opt/splunk/etc/apps/snow/bin/scripts/snow.py", line 243, in run
self.connect()
File "/opt/splunk/etc/apps/snow/bin/scripts/snow.py", line 103, in connect
user, password = authSession.getCredentials(sessionKey)
File "/opt/splunk/etc/apps/snow/bin/scripts/authSession.py", line 13, in getCredentials
% (myapp, str(e)))
Exception: Could not get snow credentials from splunk. Error: [HTTP 401] Client is not authenticated
After the last comment, I was troubleshooting the new error and discovered the code was erroring because of empty csv files in the snow/lookups/ folder. I deleted all of them (except the original 3) and disabled the scripts and restarted Splunk, then re-enabled the scripted inputs 1 at a time and they all worked with the original script in place. The issue was that it had a hard time communicating before and that resulted in an empty csv but now all is well.
After the last comment, I was troubleshooting the new error and discovered the code was erroring because of empty csv files in the snow/lookups/ folder. I deleted all of them (except the original 3) and disabled the scripts and restarted Splunk, then re-enabled the scripted inputs 1 at a time and they all worked with the original script in place. The issue was that it had a hard time communicating before and that resulted in an empty csv but now all is well.
Determined the bug was on this line:
if child.tag not in self.snow_keys:
Changed to this:
if self.snow_keys is not None and child.tag not in self.snow_keys:
Since snow_keys is empty on the first iteration through.
Now I get a new error, researching.
I uncommented the proxy settings in snow.py so I can see the http request go by. The request is succeeding and I see XML response going back to snow.py, but snow.py is failing to parse it.
proxyHandler = urllib2.ProxyHandler({'https': 'http://burpsuite:8080'})
proxyOpener = urllib2.build_opener(proxyHandler)
urllib2.install_opener(proxyOpener)
Found that running it manually reports back:
Exception: Could not get snow credentials from splunk. Error: [HTTP 401] Client is not authenticated
I tried clearing local/app.conf and restarting Splunk, and then going Manage App > Setup and re-entering the credentials, but still fails.