Using HTTP with a HTTPS Proxy Forwarder in Splunk


I recently ran into an issue with the Splunk Forwarder and found that we can solve it with a simple Python script update. This is applicable to the Salesforce app for Splunk, but could be applicable to other use cases as well.

Here, the requirement was to install the Salesforce TA into Splunk and configure the TA to pull data from Salesforce into Splunk. After downloading the TA and enabling the necessary inputs from Salesforce, I checked Splunk for data…nothing.

Why isn’t the Salesforce data coming into Splunk??

Next, I went to the internal logs in Splunk by executing the following search: index=_internal log_level=ERROR for the last 15 minutes.


The Splunk internal logs show the step-by-step execution of the script and the constraining error:

         urllib2.URLError: <urlopen error> [Errno 110]

This error is raised by the urllib2 module and indicates a problem with the connection to Salesforce.

Troubleshooting Steps:

1.  First, check that the proxy has been configured correctly as an environment variable.

2.  Go into the CLI and run the following commands.

i.     export http_proxy="http://fwdproxy.any.function1.com:8080"

ii.     export https_proxy="https://fwdproxy.any.function1.com:8080"

3.  Run the wget command from the CLI to see if the new URL will connect.

i.     wget https://login.salesforce.com/services/Soap/c/28.0/0DFA00000004Vf8

ii.     If it is able to connect, you should see the following messages:

--2013-09-24 15:25:43--  https://login.salesforce.com/services/Soap/c/28.0/0DFA00000004XXX

Resolving fwdproxy.any.function1.com... 172.01.01.01

Connecting to fwdproxy.any.function1.com..172.01.255.01|:8080... connected.

Proxy request sent, awaiting response... 

4.  Check to see if the script is getting data from Salesforce. In our example, the error still exists, and stems from a limitation in urllib2 regarding proxy use through http only. The limitation is as follows:

“Connections to a proxy must use HTTP and not HTTPS due to a limitation in urllib2, where it does not implement the HTTP CONNECT method.  All traffic between the proxy and Salesforce will of course be sent over HTTPS." 
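A pre-flight check for the limitation quoted above, as an added example that is not part of the original post or of the Salesforce TA: it inspects the two proxy variables exported in step 2 and flags values that urllib2 cannot use. It is written for Python 3 (`urllib.parse`); the function name `check_proxy_env` and the sample environment are constructed for illustration.

```python
from urllib.parse import urlsplit

PROXY_VARS = ("http_proxy", "https_proxy")
QUOTES = "\"'\u201c\u201d"  # straight and curly quote characters


def check_proxy_env(env):
    """Return {variable: [problems]} for the proxy variables in env."""
    findings = {}
    for var in PROXY_VARS:
        raw = env.get(var)
        if raw is None:
            findings[var] = ["not set"]
            continue
        problems = []
        value = raw.strip()
        # A curly or unbalanced quote pasted into the shell becomes part of the value.
        if any(q in value for q in QUOTES):
            problems.append("quote character inside value")
            value = value.strip(QUOTES)
        parts = urlsplit(value)
        if parts.scheme == "https":
            # The connection to the proxy itself must be plain HTTP.
            problems.append("proxy URL is https; the limitation requires http")
        elif parts.scheme != "http":
            problems.append("missing or unknown scheme")
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if not parts.hostname or port is None:
            problems.append("host or port missing")
        findings[var] = problems
    return findings


if __name__ == "__main__":
    # Constructed sample environment, not captured from a real host.
    sample = {
        "http_proxy": "\u201dhttp://fwdproxy.any.function1.com:8080",
        "https_proxy": "https://fwdproxy.any.function1.com:8080",
    }
    for name, problems in check_proxy_env(sample).items():
        print(name, "->", problems or "ok")
```

To check a live shell, pass `os.environ` instead of the sample dictionary.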

So how do I fix this issue??

It turns out that this can be fixed by editing the http.py code to instruct the indexer to use the proxy with http and not run the https script.

Add the following lines to the http.py script to bypass the https.py script.

# Send requests to the proxy over HTTP; replace the placeholder with your proxy URL
proxy = {'http':'PUT PROXY HERE'}
url.add_handler(u2.ProxyHandler(proxy))

Lines 118-119 in the image below show where the lines are inserted in this script:


Once the script is updated, the urllib2 code will run and allow Salesforce data to flow into Splunk! Note that this custom fix is not upgrade-safe, so you'll need to update the script again if an upgrade replaces this file.

Another code has been cracked.
