- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Qualys Technology Add-on (TA) for Splunk: Why am I...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Qualys Technology Add-on (TA) for Splunk: Why am I receiving "Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue." error?
I have installed Qualys Technology Add-on (TA) for Splunk. Have set up the account details- username, password with API access, API service is enabled and working fine (as it is being used on some other platform).
Even after setting up everything- these logs are being displayed on Splunk:
sourcetype=qualys
Logs-
Start qualys TA
Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: 'str' object has no attribute 'os_startIndex'
Start qualys TA
Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: 'str' object has no attribute 'os_startIndex'
Start qualys TA
Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: 'str' object has no attribute 'os_startIndex'
Start qualys TA
Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: 'str' object has no attribute 'os_startIndex'
Start qualys TA
Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: 'str' object has no attribute 'os_startIndex'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you confirm the following
a. The version of Qualys Technology Add-on (TA) ?
b. If your SPLUNK_HOME is /opt/splunk, then from SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform run following command - /opt/splunk/bin/splunk cmd python ./bin/run.py -h to check data pull operations for the config you have added.
c. Check if there are any API errors at /opt/splunk/var/log/splunk/ta_QualysCloudPlatform.log
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi nit123,
i am also seeing this error when deploying the TA to a heavy forwarder. when running the command above i get the following below.
TA-QualysCloudPlatform: 2017-06-29T11:52:10Z PID=12702 [MainThread] INFO: TA-QualysCloudPlatform - Making request: https://qualysapi.qualys.com/msp/about.php with params={}
_internal
TA-QualysCloudPlatform: 2017-06-29T11:53:21Z PID=12702 [MainThread] ERROR: TA-QualysCloudPlatform - Error during request to /msp/about.php, [None] [Errno 110] Connection timed out
_internal
Traceback (most recent call last):
File "./bin/run.py", line 138, in
qapi.client.validate()
File "/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualysModule/lib/api/Client.py", line 200, in validate
response = self.get("/msp/about.php", {}, SimpleAPIResponse())
File "/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualysModule/lib/api/Client.py", line 259, in get
raise APIRequestError("Error during request to %s, [%s] %s" % (end_point, ue.errno, ue.reason))
qualysModule.lib.api.Client.APIRequestError: Error during request to /msp/about.php, [None] [Errno 110] Connection timed out
thanks
Ash
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
