After installing Splunk 5.0.2 release on Ubuntu Server 12.10 (with kernel 3.5.0-17), I am frequently getting the following error while trying to access it:
400 Bad Request
Illegal cookie name uid
Traceback (most recent call last):
File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 581, in respond
self.process_headers()
File "/opt/splunk/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 653, in process_headers
raise cherrypy.HTTPError(400, msg)
HTTPError: (400, 'Illegal cookie name uid')
Powered by CherryPy 3.1.2
Suggestions / tips to get rid of the error would be helpful.
Thanks, Mitesh Vohra.
If you're running other web services on the same machine your browser will send the cookies you use for those services as well, which can cause CherryPy (the web server component Splunk uses) to throw this error. More information available for instance in the following threads:
http://splunk-base.splunk.com/answers/8215/illegal-cookie-name
http://splunk-base.splunk.com/answers/3602/can-splunk-accept-cookies-with-colon-embedded
Not possible. The VirtualBox instance was connected over "Virtual-Host Only" mode of network connection. It took the IP Address from the VirtualBox DHCP Server. I have accessing the server in FireFox incognito/private mode.
Perhaps the IP/hostname of your virtual server previously belonged to some other host that ran a web application that issued cookies? It doesn't need to have been recently - as long as the user's web browser keeps sending the cookies (i.e. they haven't expired) you will experience the same problem.
@Ayn: Thanks for the help and the links.
However, the Ubuntu Server is running on Oracle Virtualbox with just OpenSSH-Server running on it and does not have any other service/role configured on it.
I am changing my job by end of this week and, hence, my access to the setup has been revoked. I can no longer troubleshoot the problem stated in the question.