Below are some pointers to help in debugging the application:

Search for modular input errors

Run a search for the following and see if the logs indicate a problem with the modular input:

index=_internal (sourcetype=web_availability_modular_input ERROR) OR (traceback AND NOT sourcetype=splunkd_ui_access)

Search for REST handler errors

Run a search for the following and see if the logs indicate a problem with the REST handler:

index=_internal source=*website_monitoring_rest_handler.log

Input fails and generates a "ConnectionError"

This can happen when the following is

  1. The IP address is invalid (if referring to the host by IP)
  2. The domain name cannot be resolved
  3. The port number provided is invalid (if a port is specified)
  4. Network connectivity is lost or a firewall blocks the connection

I have seen numerous of these issues which turned out to be due to environmental issues in the customer's network. I suggest starting with the assumption that the app is correct and that the network issues are real.

I'm seeing slow responses

This is similar to the issue described above. I suggest examining the network connection for possible issues. Additionally, make sure that the host that is running the inputs is not overloaded (high CPU usage or high memory usage).

Troubleshooting modular inputs that don't appear in the Splunk Manager

Look in the messages link in the top right of the page to see if you have a message like this:

Unable to initialize modular input "web_ping" defined inside the app "website_monitoring": Introspecting scheme=web_input: script running failed (exited with code 1).

You can search the internal log for related errors that indicate the modular input could not start:

index=_internal "ModularInputs - Unable to initialize modular input" 

The best way to identify the source of the error if the modular input cannot be loaded by Splunk is to try to load it via Splunk's python interpreter directly.

Here is an example. Consider the modular input is in the following path: /opt/splunk/etc/apps/website_monitoring/bin/

To test this, go to the path /opt/splunk/etc/apps/website_monitoring/bin/ using the CLI:

cd /opt/splunk/etc/apps/website_monitoring/bin/

Next, run Splunk's python against the file:

/opt/splunk/bin/splunk cmd python

This should show an error, such as:

Traceback (most recent call last):
  File "", line 1, in <module>
NameError: name 'somethingnotdefined' is not defined

Determining the cause of errors relating to "splunkd connection error"

This happens when the input is running but Splunkd fails to respond when the input attempts to determine if a proxy server was configured. This appears to happen to Splunk installs that are running fine. In most cases that I can verify, it happens when Splunk has just been started. These can likely be safely ignored unless other issues have been observed that are related or if you see a large number of them.

Authentication is failing against sites that use Windows Authentication (a.k.a. NTLM authentication)

Search the Website Monitoring logs for information that indicates which authentication type is being used. The app will attempt to discover the authentication type automatically. If this fails, then authentication will not succeed.

| search index=_internal sourcetype="web_availability_modular_input" auth_type

Why are newly added URLs triggering continuously irrespective of Interval time? Or, how do I fix errors "Failed to save checkpoint directory"?

This can happen when the app doesn't have access to the modular input checkpoint directory. Check the permissions of the modular input checkpoint directory (e.g. "C:\Program Files\Splunk\var\lib\splunk\modinputs\web_ping") to see if the account that Splunk runs under has read/write access to it.

If it doesn't, edit the permissions. The input should begin functioning correctly as soon as the permissions are set correctly.

Some of my inputs that use authentication are not working and I am seeing the error "Unable to determine authentication type"?

Websites can support several types of authentication. The input tries to determine what type of authentication the website supports. The error "Unable to determine authentication type" occurs when the input couldn't determine the type of authentication that the websites supports. When this happens, it will default to HTTP Basic authentication.

Some of my inputs are returning a 403 error even though I haven't told them to use authentication.

This is likely because you have a proxy server configured but you input is unable to authenticate with the proxy. Oftentimes, this happens because there is a global HTTP proxy defined using using environment variables (often in $SPLUNK_HOME/etc/splunk-launch.conf).

To get around this, define a value for the proxy_ignore setting in website_monitoring.conf. You can also set this using the setup page for the Website Monitoring app. Set the value of the "Server Ignore List" to "*", like this:

setup.png View (50.1 KB) Luke Murphey, 03/25/2019 11:02 PM