All Apps and Add-ons

'REST ERROR[1104]: Poster REST handler error - timed out'

fatemabw
New Member

Hi All,

After long time, we finally got the Splunk Add-on for MS Cloud Services on our Search Heads and Heavy forwarder.
I followed the steps listed in the blog: https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html
When I add the O365 account, I get the "Timeout for getting data from the authenticating window." error on the GUI of the Heavy forwarder.
When looked into the splunkd.log file, it lists following entires regarding the REST request:

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': Traceback (most recent call last):

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/bin/runScript.py", line 78, in

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': execfile(REAL_SCRIPT_NAME)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_ms_o365_rh_common_poster.py", line 56, in

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': admin.CONTEXT_APP_AND_USER)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': hand.execute(info)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 595, in execute

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/splunktaucclib/rest_handler/poster.py", line 94, in handleEdit

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': RH_Err.ctl(1104, msgx=exc)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': File "/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/splunktaucclib/rest_handler/error_ctl.py", line 149, in ctl

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': raise BaseException(err)

10-29-2018 15:36:52.055 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/bin/runScript.py execute': BaseException: REST ERROR[1104]: Poster REST handler error - timed out

10-29-2018 15:36:52.077 -0400 ERROR AdminManagerExternal - External handler failed with code '1' and output: 'REST ERROR[1104]: Poster REST handler error - timed out'. See splunkd.log for stderr output.

Any ideas what the issue could be? and how to resolve it?

Thanks,
FBW

Tags (1)
0 Karma

fatemabw
New Member

Figured it out. It was the proxy issue, as the Forwarder is behind a proxy, had to configure the proxy setup in the correct place for the Add-on to make requests to the internet using the proxy.

Got it to working by:
There is a config file inside the apps folder under the add-on, where the proxy settings has to be explicitly mentioned.

Under: /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_client_settings.conf
[proxy]
proxy_enabled = 1
proxy_rdns = 1
proxy_type = http

proxy_password = password of proxy account

proxy_port = 8000
proxy_url = proxy1.your.server.com
disabled = 0

proxy_username = user name of proxy account

Hope it's helpful to anyone who is having similar issues in future 🙂

Thanks,
Fatema.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...