Fresh install of DB Connect 2 (2.1.2) on Splunk Enterprise search head (6.3.1). We've been able to configure a Connection, Identity, and an Output and everything tests fine. However, the scheduled db output fails to insert the search results in to the database. The only error is in the dbx2.log:
02/03/2016 15:00:02 [CRITICAL] [mi_output.py] HTTP Error 401: Unauthorized
I can't find any denials in audittrail. No related errors show up in any of the internal indexes. From what I can tell, the dboutput runs as "admin", which has all perms. None of the app permissions have been changed from their default(s).
Has anyone seen this before? I feel there's something obvious I'm missing....
↧