All Apps and Add-ons

Cannot update Qualys API credentials

martin_mueller
SplunkTrust
SplunkTrust

When first entering a set of user/password credentials into the Qualys TA setup page, everything works as expected.
Once the credentials expire in the API and I attempt to update the password in the setup page, I get this error:

Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-QualysCloudPlatform/storage/passwords/

Looking at the _internal index, I can see the POST fail with a 409 status code, Conflict.

127.0.0.1 - admin [15/Jan/2018:10:28:25.948 +0100] "POST /servicesNS/nobody/TA-QualysCloudPlatform/apps/local/TA-QualysCloudPlatform/setup HTTP/1.0" 409 205 - - - 12675ms

Storing the password for a different user works and re-inserting the original user works after deleting passwords.conf, so it appears the setup page can only insert, not update a value.

Happens on various versions of Splunk including 7.0, using the latest version 1.2.3 of the Qualys TA.

Please fix updating the API user's password via the setup page.

martin_mueller
SplunkTrust
SplunkTrust

Here's the response I got from Qualys support:

In order to update the changes successfully into the Qualys TA for Splunk, please follow the below steps:

1)From Settings> Data Inputs disable the TA Inputs
2)Delete passwords.conf file.
3)Reboot the splunk instance.
4)Go to TA config in Splunk UI and give the credentials again.
5)Check if the passwords.conf file created
6)Enable TA inputs from data Inputs

Perpetual workaround, it seems 😞

martin_mueller
SplunkTrust
SplunkTrust

Thanks for letting me know that we're not alone 😄

My gut feeling says it's a problem with using the setup.xml to update credentials, it always forces a POST to the storage/passwords/_new entity, which is a create/insert... that fails when the key (=username) already exists.

0 Karma

paulbannister
Communicator

Hi There,

We had the same issue with updating our credentials on our cloud instance and to get Splunk Support to assist, apparently it is a know issue but what we did was exactly what you did.... delete the passwords.conf to allow the new credentials to take, an absolute pain as it left us without data for a few days

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...