Is the Splunk Add-on for Microsoft Cloud Services compatible with Splunk Free?

apwsoftware
New Member

Hi,

I have been using the Splunk Add-on for Microsoft Cloud Services on my Splunk Enterprise trial. Now that the trial period has expired it has reverted to the Free license. But this add-on has stopped working. I haven't found anywhere that says it shouldn't work with the free version, and the free version should support apps. So does anyone know why it wouldn't be working?

Splunk Web doesn't render, it just hangs saying Loading...

And if I look at the Network tab I can see that the following two calls:

/en-GB/splunkd/_raw/servicesNS/nobody/Splunk_TA_microsoft-cloudservices/splunk_ta_ms_o365/1.0/ta_o365_server_accounts?output_mode=json&count=10&sort_dir=asc&sort_key=name&search=&offset=0&=1497358763006

and

/en-GB/splunkd/_raw/servicesNS/nobody/Splunk_TA_microsoft-cloudservices/splunk_ta_ms_o365/1.0/ta_o365_server_management_api_inputs?output_mode=json&count=100&sort_dir=asc&sort_key=name&search=&offset=0&=1497358763007

are both returning 500 errors. The message in both cases is:

{"messages":[{"type":"ERROR","text":"External handler failed with code '1' and output: 'REST ERROR[403]: Unauthorized client for the requested action - capability=ta_o365_configuration'. See splunkd.log for stderr output."}]}

Does anyone have any ideas why this would not be working?

Thanks for any help,

Iain

0 Karma

povares_splunk
Splunk Employee

Try this:

vi /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/ca_certs_locater.py

Look for TEMP_CERT_FILE_PATH
and update it to '/etc/pki/tls/certs/ca-bundle.crt'

TEMP_CERT_FILE_PATH = '/etc/pki/tls/certs/ca-bundle.crt'

Save the changes and restart Splunk

Please let us know if this works for you.

https://splunkcommunities.force.com/customers/apex/ArticleDetailPage?URLName=Add-on-Microsoft-Cloud-...

0 Karma

arunsunny
Path Finder

Hey @povares_splunk

Splunk_TA_microsoft-cloudservices/bin/splunktamscs/ca_certs_locater.py

TEMP_CERT_FILE_NAME = 'httplib2_merged_certificates_{}.crt'

Whenever the inputs run, this script creates the cert file under the /tmp/ directory, and it never gets deleted, making the /tmp/ directory full.

Is this a bug with the App? 

OR

Is it required to create a cert file while running inputs?

Regards,

Arun Sunny 

0 Karma

jplumsdaine22
Influencer

I don't think Splunk Free supports custom roles. As you can see in the error message, the app is complaining about capability=ta_o365_configuration. If you have a look in /Splunk_TA_microsoft-cloudservices/default/authorize.conf you'll see the custom capabilities provided by the app:

[capability::ta_o365_configuration]
[capability::ta_o365_system_configuration]
[capability::ta_o365_get_credential]

To get it to work with Splunk Free I suppose you'll need to modify the app to remove reliance on those capabilities, but I don't think it's as simple as removing the entries for authorize.conf, if indeed it is even possible.

I notice in the Splunk Base entry for this app (https://splunkbase.splunk.com/app/3110/) it does say that the app is only compatible with Splunk Cloud and Splunk Enterprise, so I'm guessing it won't be able to run with the free version.

0 Karma
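Added example, not part of the thread or the add-on's own code: a short Python check that pulls the denied capability out of the 403 error body quoted in the question and looks it up in an authorize.conf, reporting whether the app defines it and which roles enable it. The `[role_admin]` grant lines in the sample are constructed for illustration, and the function names are hypothetical.

```python
import configparser
import json
import re

# Error body exactly as quoted in the question.
ERROR_BODY = '''{"messages":[{"type":"ERROR","text":"External handler failed with code '1' and output: 'REST ERROR[403]: Unauthorized client for the requested action - capability=ta_o365_configuration'. See splunkd.log for stderr output."}]}'''

# Constructed sample: the three capability stanzas come from the answer above;
# the [role_admin] grant lines are an assumption for illustration.
AUTHORIZE_CONF = """
[capability::ta_o365_configuration]
[capability::ta_o365_system_configuration]
[capability::ta_o365_get_credential]

[role_admin]
ta_o365_configuration = enabled
ta_o365_get_credential = enabled
"""

def denied_capabilities(body):
    """Return capability names mentioned in a splunkd REST error body."""
    found = []
    for msg in json.loads(body).get("messages", []):
        for cap in re.findall(r"capability=(\w+)", msg.get("text", "")):
            if cap not in found:
                found.append(cap)
    return found

def parse_authorize(text):
    """Return (capabilities defined, {role: capabilities enabled})."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(text)
    defined, grants = set(), {}
    for section in cp.sections():
        if section.startswith("capability::"):
            defined.add(section.split("::", 1)[1])
        elif section.startswith("role_"):
            grants[section[len("role_"):]] = {
                k for k, v in cp[section].items() if v.strip().lower() == "enabled"}
    return defined, grants

def explain(body, conf_text):
    """For each denied capability: is it app-defined, and which roles grant it?"""
    defined, grants = parse_authorize(conf_text)
    return [(cap, cap in defined, sorted(r for r, caps in grants.items() if cap in caps))
            for cap in denied_capabilities(body)]

if __name__ == "__main__":
    for cap, app_defined, roles in explain(ERROR_BODY, AUTHORIZE_CONF):
        print(f"{cap}: defined by app={app_defined}, granted to roles={roles}")
```
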