Hello,
I'm trying to install the Splunk for Palo Alto Networks Addin/App for Splunk onto an instance of Splunk Light running on top of Ubuntu 14.04.3 LTS. The installation instructions indicate the package may be downloaded directly (which I have done) or installed from git.
I have attempted the git method, but I am getting an error as below:
fatal: unable to access 'https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks.git/': gnutls_handshake() failed: An unexpected TLS packet was received.
I'm not sure how to handle the direct download installation method. There don't appear to be instructions for this. I downloaded the .tgz and extracted it to the /opt/splunk/etc/apps directory and restarted Splunk, but I don't see anything. Note that I am using Splunk Light and not Splunk Enterprise - I don't think the light version supports downloading apps from the apps homepage as is described in the documentation.
By the way, I am pretty inexperienced with Splunk so I apologize in advance if I omitted anything here.
Any help would be appreciated. Thank you.
In general, packaged apps are not supported inside of Splunk Light - I think that this includes 3rd party apps that are prebuilt.
http://www.splunk.com/en_us/products/splunk-light/splunk-light-vs-splunk-enterprise.html
Also the error you're seeing is likely to do with git, not anything Splunk related. You might be able to use apt-get to install a version of git that supports openssl instead of gnutls, but that's an Ubuntu / git thing, not a Splunk thing.
http://askubuntu.com/questions/186847/error-gnutls-handshake-failed-when-connecting-to-https-servers
Hi mjung,
The Palo Alto Networks App for Splunk is an App for Splunk Enterprise, not Splunk Light. Compatibility is indicated on the app's homepage: https://splunkbase.splunk.com/app/491
Sorry, I forgot to say Splunk is running as Splunk Light Version 6.3.2. We do have a license - it is not the free version.