Hello Support, How to connect uberAgent to Splunk Cloud Trial
I Have try using https://xxxxx.splunkcloud.com:8088 and Authorization but not connect.
Hello Support, How to connect uberAgent to Splunk Cloud Trial
I Have try using https://xxxxx.splunkcloud.com:8088 and Authorization but not connect.
The settings were all correct and the problem has been solved
Hi Eduardo,
The Splunk Cloud trial uses a self-signed certificate that is not trusted by Windows, and therefore it is not trusted by uberAgent as well. For a POC, add the config flags TLSVerifyHostDisabled and TLSVerifyPeerDisabled to the [Miscellaneous] section in the uberAgent.conf. For production, use a valid certificate in Splunk Cloud or add the self-signed certificate to all endpoints.
[Miscellaneous]
DebugMode = true
ConfigFlags = TLSVerifyHostDisabled,TLSVerifyPeerDisabled
Please let us know if this works. If not, we can create a support ticket where you can share log files with us.
Best regards
Dominik
Hi Dominik,
using your support I managed to eliminate the error, but now I am facing this next error.
2024-06-20 09:39:16.726 -0300,WARN ,WORKGROUP,DESKTOP-EDDU$,24536,CurlSend,Timeout occurred while sending to host: https://prd-xxx.splunkcloud.com:8088. Configured timeout in ms: 10000. Please check the configuration option MaxEventsPerSendOperation in the recevier stanza. Message size in bytes: 10960. Full URL: https://prd-xxx.splunkcloud.com:8088/services/collector
uberAgent can't reach your Splunk Cloud instance. Maybe firewall ports are not open?
Can you connect via Telnet or similar as the user SYSTEM to Splunk Cloud? uberAgent is running as SYSTEM and sometimes firewall rules are tied to machines and users.
Best regards
Dominik
I don't have a firewall on this network.
Now it gives me two different errors and the other one no longer appears.
1 -
2024-06-20 11:43:58.366 -0300,ERROR,WORKGROUP,DESKTOP-EDDU$,24536,SendSingleElement,Sending to https://prd-xxx.splunkcloud.com:8088/services/collector failed with (code: 400): {"text":"Data channel is missing","code":10}
2 -
2024-06-20 11:43:36.304 -0300,INFO ,WORKGROUP,DESKTOP-EDDU$,16756,ReceiverStatistics,Splunk; https://prd-xxxx.splunkcloud.com:8088 - Name: Default (POQ) - Bulk events in queue: <3>, queue size: <108.9> KB, bulk events sent: <0>, bulk events sent overall: <19016>, bulk events added to queue: <102>, bulk events added to queue overall: <2659>, rejected from queue: <0>, generated events: <3961>, total generated events: <103724>
We've created a ticket for you as we need log files that can contain sensitive information.
Any findings will be posted here as well.