All Apps and Add-ons

Splunk Add-on for F5 BIG-IP: error message -- "Fail to set active folder as partition '/Common'"

manderson7
Contributor

Fail to set active folder as partition "/Common". How to open port 443?

I'm receiving this error message when I enable the F5 task in the add-on. As far as I can tell the server information is configured correctly, and I'm using the same account as what's set on the F5 itself for me. One of the answers Fail to set active folder as partition "/Common" for Template had an answer that said to open port 443, but it, and the documentation fail to mention where to open said port. I can telnet to the F5 from my heavy forwarder on port 443, but 443 isn't running in Splunk, nor is it allowed, as I'm running as the splunk user and not root, per best practices. Could someone please explain what to do here? Thank you.

0 Karma
1 Solution

sherm77
Path Finder

@manderson7 - the answer is in the docs, I missed it as we put in firewall requests for all of the ports necessary, but just found it. Maybe it will be of some help to you.

In the troubleshooting page for the F5 Big-IP addon, you see this:

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Troubleshooting

"Destination unreachable" errors

Ensure that you have opened port 443 in your firewall to enable F5 BIG-IP to communicate with the iControl API over SSL.

The above troubleshooting docs are vague and need to be updated to say something like it says on a previous page (take notice of where it says the collection takes place):

The Splunk Add-on for F5 BIG-IP *collects* performance data (system settings, server performance, and traffic statistics data) for F5 BIG-IP servers from iControl APIs over the network using a modular input. You can configure this input using Splunk Web on your heavy forwarder.

  1. On the machine running your heavy forwarder, open port 443 to allow communication with F5 BIG-IP.

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Configureinputs

So, in summary, you have to open port 443 on the heavy forwarder as the source (the one doing the polling) to the F5.

A side note: In order to send the iApp info, you have to configure the HTTP Event Collector (HEC), create a token and put that token in the F5 - port 8088 will be opened on the heavy forwarder, so you'll have to have that port opened from the F5 to the heavy forwarder.

https://www.f5.com/pdf/deployment-guides/f5-analytics-dg.pdf

View solution in original post

0 Karma

sherm77
Path Finder

@manderson7 - the answer is in the docs, I missed it as we put in firewall requests for all of the ports necessary, but just found it. Maybe it will be of some help to you.

In the troubleshooting page for the F5 Big-IP addon, you see this:

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Troubleshooting

"Destination unreachable" errors

Ensure that you have opened port 443 in your firewall to enable F5 BIG-IP to communicate with the iControl API over SSL.

The above troubleshooting docs are vague and need to be updated to say something like it says on a previous page (take notice of where it says the collection takes place):

The Splunk Add-on for F5 BIG-IP *collects* performance data (system settings, server performance, and traffic statistics data) for F5 BIG-IP servers from iControl APIs over the network using a modular input. You can configure this input using Splunk Web on your heavy forwarder.

  1. On the machine running your heavy forwarder, open port 443 to allow communication with F5 BIG-IP.

http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Configureinputs

So, in summary, you have to open port 443 on the heavy forwarder as the source (the one doing the polling) to the F5.

A side note: In order to send the iApp info, you have to configure the HTTP Event Collector (HEC), create a token and put that token in the F5 - port 8088 will be opened on the heavy forwarder, so you'll have to have that port opened from the F5 to the heavy forwarder.

https://www.f5.com/pdf/deployment-guides/f5-analytics-dg.pdf

0 Karma

pgadhari
Builder

@sherm77 and @manderson7 - So did you opened the port 443 on heavy forwarder, what is the process you followed on enabling that port ? Did you open the port in "Data inputs" ==> TCP ==> added a new port 443 in listen mode ? please explain ? I am also getting the same errors above, when I am configuring the F5 add-on in my setup ?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...