Solved: Re: Splunk Instrumentation error

DMohn · ‎01-30-2019

Hi all,

I keep on getting the following error in my logs:

message from "python /opt/splunk/etc/apps/splunk_instrumentation/bin/instrumentation.py" HTTPSConnectionPool(host='e1345286.api.splkmobile.com', port=443): Max retries exceeded with url: /1.0/e1345286/57d8a3f1-7eb3-5a4f-abd0-a902083af286/100/0?hash=none (Caused by <class 'socket.error'>: [Errno 104] Connection reset by peer)

We are not using any MINT connections, hence I am a bit flustered by the 'splkmobile' URL...

Can anyone lead me into the right direction to fix this?

chrisyounger · ‎01-30-2019

Hi @DMohn

This looks like the "phone home" that Splunk does to attempt to report on license utilization. It can be disabled by going to Settings >Instrumentation >Usage data cog

Read and agree to the displayed warning if you try to disable.

Hope this helps, Chris.

View solution in original post

chrisyounger · ‎01-30-2019

Hi @DMohn

This looks like the "phone home" that Splunk does to attempt to report on license utilization. It can be disabled by going to Settings >Instrumentation >Usage data cog

Read and agree to the displayed warning if you try to disable.

Hope this helps, Chris.

DMohn · ‎01-30-2019

Thanks @chrisyoungerjds - this is exactly what I was looking for. I have disabled the phone home and will check on the logs again.

Splunk Instrumentation error

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team