- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- ActiveMQ 5.15.4 JMS connectivity with Splunk7.1.2
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ActiveMQ 5.15.4 JMS connectivity with Splunk7.1.2
Hello,
I'm unable to set up a connection between ActiveMQ 5.15.4 and JMS modular input 1.6.1.
On Splunk restart I got following error :
07-26-2018 18:52:13.488 +0300 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read client hello B', alert_description='handshake failure'.
07-26-2018 18:52:13.488 +0300 WARN HttpListener - Socket error from 127.0.0.1 while idling: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" Error executing modular input : No appropriate protocol (protocol is disabled or cipher suites are inappropriate) : java.lang.RuntimeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.HttpService.send(HttpService.java:326)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.Service.send(Service.java:1203)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.HttpService.get(HttpService.java:115)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.Entity.refresh(Entity.java:375)
07-26-2018 18:52:13.760 +0300 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" at com.splunk.Entity.refresh(Entity.java:24)
I've made some checks :
JAVA_HOME=C:/Java/jdk1.8.0_121
C:\Program Files\Splunk\etc\apps\jms_ta\bin>python jms.py --scheme doesn't contains any errors.
Any attempt to create or update JMS Messaging input ( I have few from previous version)
end with errror :
Encountered the following error while trying to update: Argument validation for scheme=jms failed: The script returned with exit status 2.
Can anyone advise me on what is wrong ? Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello ,
After changing jars in \jms_ta\bin\lib folder for this list :
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\jmsmodinput.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\splunk_tlsv12.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\jms.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\log4j-1.2.16.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-web-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-console-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-spring-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-kahadb-store-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-broker-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-jaas-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-openwire-legacy-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-client-5.15.4.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\activemq-protobuf-1.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\jcl-over-slf4j-1.7.25.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\slf4j-api-1.7.25.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\slf4j-log4j12-1.7.25.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\geronimo-jta_1.0.1B_spec-1.0.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\geronimo-j2ee-management_1.1_spec-1.0.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\geronimo-jms_1.1_spec-1.1.1.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\hawtbuf-1.11.jar"
"C:\Program Files\Splunk\etc\apps\jms_ta\bin\lib\splunk.jar"
I was able to get rid of the error .
However I still having problems :
Messages are taken only during restart or when I disable/enable the input.
And following error is thrown :
ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" It has been determined via the REST API that all inputs have been disabled
ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\jms_ta\bin\jms.py"" Can't connect to Splunk REST API with the token [Splunk kCmdvKWBwD3pb5A7wfxaWZfqiFVTUl7AyDnrmLRHjbfzvwDueqNXjG6mfJIXLOual5usKoz0yDGwhze5Sw0^^n6vEYSOOCz0FMhnPmdhjDct8vMUBo], either the token is invalid or SplunkD has exited : No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've ended up using JMS modular input 1.5.1
No errors.All messages are taken on schedule
Best regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What version of Splunk are you using ? What are your Splunk SSL settings ? the error isn't to do with the calls to ActiveMQ , it is internal callbacks to Splunk's REST API.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Damien ,
I'm using Splunk 7.1.2 with default ssl settings :
web.conf
[settings]
enableSplunkWebSSL = 1
servers.conf
[general]
serverName = AAAAAAAA
pass4SymmKey = BBBBBB
[sslConfig]
sslPassword = CCCCCCCC
[lmpool:auto_generated_pool_download-trial]
description = auto_generated_pool_download-trial
quota = MAX
slaves = *
stack_id = download-trial
[lmpool:auto_generated_pool_forwarder]
description = auto_generated_pool_forwarder
quota = MAX
slaves = *
stack_id = forwarder
[lmpool:auto_generated_pool_free]
description = auto_generated_pool_free
quota = MAX
slaves = *
stack_id = free
[lmpool:auto_generated_pool_enterprise]
description = auto_generated_pool_enterprise
quota = MAX
slaves = *
stack_id = enterprise
[license]
active_group = Enterprise
[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
useSplunkdClientSSLCompression = true
enableSplunkSearchSSL has been moved to web.conf/[settings]/enableSplunkWebSSL
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
